Data Breach at the University of Virginia Exposes 1,400 Personnel Records

January 27, 2016, Written By Lynn Oldshue
CHARLOTTESVILLE VA - AUGUST 28: Dawn sky over Old Cabell Hall on campus of University of Virginia UVA on August 28 2013. Designed by Thomas Jefferson as an Academical Village

Late last week, the University of Virginia notified its employees that their personally identifiable information (PII) had been accessed by an unauthorized third party.

The breach occurred due to a phishing scam where cyber criminals sent emails asking recipients to click a link and enter their UVA usernames and passwords. Once inside the system, the perpetrators were able to access the 2013 and 2014 W-2s of approximately 1,400 (of the University’s 20,000) employees. In addition to W-2s, the direct deposit banking information of 40 employees was accessed.

According to the UVA announcement, the hackers first accessed the system in November 2014, and the last suspected intrusion took place in February 2015.

Last spring, a number of UVA employees had reported tax fraud. At the time, the University did not believe this fraud resulted from a breach of its databases. However, the recent FBI investigation indicates that some of these fraud attempts may have resulted from this attack.

After an investigation, the FBI has the “overseas” suspects in custody.

UVA faced a cyberattack originating from China in June, but they said the two incidents were unrelated. This previous attack targeted the school’s IT system.



The information contained within this article was accurate as of January 27, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.