Dive Brief:
- The University of Virginia is dealing with the aftermath of a data breach that exposed the W-2s of about 1,400 employees and the direct deposit banking information of another 40.
- Zero Day reports cyberattackers accessed the Human Resources system in 2013 and 2014 following a phishing campaign in which employees received an email asking for their account information and at least one gave it.
- The attackers made their last-known intrusion in February 2015 and an FBI investigation led to suspects who are being held in custody; meanwhile, the university has offered affected employees one year of free credit monitoring services.
Dive Insight:
The Human Resources data breach at the University of Virginia is not connected to the one from last June that affected the university's IT systems and originated in China. UVa employees are in a long line of victims from cyberattacks at higher education institutions, where data is especially vulnerable and plentiful for hackers. In October, Rutgers suffered its fourth network outage caused by a cyberattack in less than a year. A Penn State attack last summer caused concern about a coordinated effort by Chinese hackers that could be national in scope.
The reality is, higher education institutions cannot completely remove their vulnerability. There are too many opportunities for human error. But beefing up security as much as possible and taking preventative measures is key.