January 25, 2016
A phishing attack was used to access to University of Virginia’s (UVA’s) HR system, and personal information of 1,400 employees, the Federal Bureau of Investigation (FBI) told the Charlottesville, Va.-based school.
The W-2 tax statements of 1,400 employees and direct deposit banking information of 40 employees were stolen, according to an FAQ statement posted on the university website. The FBI said suspects are now in custody, according to the university.
The attackers gained access to the HR system of the university through an email phishing attack that asked employees to click on a link and enter their employee user name and passwords. This gave the attackers access to the HR system beginning in November 2014, and the date that the attackers are suspected to have last accessed the system was February 2015.
In June, the university’s system was attacked by a group in China. At the time, the university said banking information, health data, and Social Security numbers were secure. UVA said the phishing attack was not related to the June attack. The FBI and school authorities were not available for comment by press time.