Advertisement

Employee records at UVA hacked through phishing scam – officials

The FBI notified the school that overseas hackers had been able to steal personal information of about 1,400 employees at the University of Virginia.

The University of Virginia revealed Friday that it was among several U.S. colleges and universities hit by overseas hackers who succeeded in stealing personal information.

Hackers, using phishing techniques, were able to access W-2 income tax records for about 1,400 employees, as well as the direct deposit banking information of 40 employees, according to officials for the Charlottesville-based university, which has more than 20,000 workers.

The data breach was discovered as part of an extensive law enforcement investigation that affected several unidentified colleges and universities, according to FBI officials. The FBI said it has suspects in custody.

The perpetrators asked employees to click on a link and provide usernames and passwords. University officials said this breach is not related to the cyber attack in June from China that compromised portions of the school’s IT systems. The breach did not reach UVA Medial Center.

Advertisement

“IT leadership with the support of the Board of Visitors has undertaken a security enhancement program aimed at fortifying the security of data and information stored on University resources and aiding in the prevention of future cyberattacks,” said a university spokesman contacted by EdScoop.

“The University regrets that the personal information of these employees was accessed and will continue to fortify its systems to prevent this from occurring in the future,” Executive Vice President and COO Patrick D. Hogan said in a statement. “The security of personal information and data remains a top priority of the University and our IT professionals will continue to remain vigilant and work to further enhance our IT security infrastructure and systems.”

University officials assured employees that they are working to strengthen security protections. They notified affected employees on Friday, and offered them one year of free credit monitoring and identity protection services.

Ironically, UVA is one of a number of higher education institutions taking part in the National Initiative for Cybersecurity Careers and Studies, offering certificates in cybersecurity management.

Reach the reporter at corinne.lestch@edscoop.com, and follow her on Twitter @clestch and @edscoop_news.

Latest Podcasts