Data Breaches | News

Saint Louis U Tormented by Phishing Lures

• By Dian Schaffhauser
• 10/10/13

A series of phishing scams recently sent Saint Louis University (SLU) scrambling to mop up the mess left when health records of about 3,000 people were exposed and banking details for about 10 employees were changed. The university began discovering the security breach in early August. According to the evidence, school officials said, the initial target of the attack was to glean financial information.

Since then, multiple instances of various phishing emails have been received by university members, but none of them has done the harm that the first one did.

In that case, according to a message posted on the institution's Web site, some employees had provided secure account information in response to a "sophisticated phishing email scam they received on July 25." The subject line of those messages read, "SLU incident where your SLU Net ID may have been compromised" and it appeared to come from a university account. Once recipients clicked on the spam link, the landing page attempted to replicate mySLU, a university portal site for online tools.

The university brought in law enforcement, implemented an investigation, notified the affected employees, and set about securing university accounts.

While direct deposit changes were made, the university noted, no unauthorized financial transactions occurred.

As the investigation proceeded, Saint Louis U also discovered that about 20 university email accounts containing personal health data for about 3,000 people had been accessed as well as about 200 Social Security numbers. Among those affected were people treated at "partner facilities," which required the university to work with those organizations as part of its response.

At no time, the institution insisted, was the university's electronic health record system breached.

Saint Louis U said that although none of the information seems to have been abused by cybercriminals, it was still providing a year of free continuous credit monitoring and identity theft protection to all of those affected by the security breach.

Since the initial break-in, the information security team reported that users were receiving other phishing emails with the subject lines, "Emergency Alert" and "Upgrade Alert." In those cases, the email was less persuasive. They come from odd email addresses ("homboldt.edu" [sic] in one instance and "[email protected]" in another), use poor grammar, and include a "strange link" in the body of the email. As the team advised its community online, "SLU will never try to confirm your information this way and will never ask for your password or personal information in an email."