Data Breach at the University of Virginia Exposes 1,400 Personnel Records
Late last week, the University of Virginia notified its employees that their personally identifiable information (PII) had been accessed by an unauthorized third party.
The breach resulted from a phishing scam in which cybercriminals sent emails asking recipients to click a link and enter their UVA usernames and passwords. Once inside the system, the perpetrators were able to access the 2013 and 2014 W-2s of approximately 1,400 (of the University’s 20,000) employees. In addition to W-2s, the direct deposit banking information of 40 employees was accessed.
According to the UVA announcement, the hackers first accessed the system in November 2014, and the last suspected intrusion took place in February 2015.
Last spring, a number of UVA employees had reported tax fraud. At the time, the University did not believe this fraud resulted from a breach of its databases. However, the recent FBI investigation indicates that some of these fraud attempts may have resulted from this attack.
After an investigation, the FBI has the “overseas” suspects in custody.
UVA faced a cyberattack originating from China in June, but the University said the two incidents were unrelated. That earlier attack targeted the school’s IT system.