Dive Brief:
- Thirteen Illinois State University employees did not get their direct deposits in the last payroll cycle, thanks to a data breach that allowed a redirect of their deposits to different accounts.
- The Pantagraph reports about $50,000 was rerouted in a crime that the FBI says has been repeated at five other universities outside of Illinois.
- While the investigation continues, Illinois State has suspended the ability to modify banking information for direct deposits online, requiring employees to submit changes through the payroll office.
Dive Insight:
Like any institution, colleges and universities are vulnerable to phishing campaigns that ask employees for login information and trick a handful into providing it. No matter how strong firewalls and other information security protections are, when people give away their own passwords, there is little security teams can do. It is critical that accounting departments add regular training to security protocols.
The University of Virginia announced at the end of January that cyberattackers had infiltrated its Human Resources system and gained access to the W-2 information of 1,400 employees and the direct deposit banking information of 40. Just last month, the University of Central Florida announced its own data breach, revealing that hackers accessed 63,000 people’s social security numbers. Attacks and breaches happen every day, and the threats are constantly changing, making cybersecurity one of the most pressing issues facing higher education today.