Data Breaches

Direct Deposit Breach Strikes Illinois State

• By Dian Schaffhauser
• 03/07/16

A central Illinois newspaper has reported a breach within Illinois State University in which direct deposit payroll payments for 13 school employees were diverted to a different bank account.

According to reporting in The Pantagraph, the university learned about the problem when one of the affected employees reported it. The total amount was about $50,000, and the university has made up the loss to the employees. It has also sent out emails to faculty, staff and students to alert them to check their own accounts for "suspicious activity."

The university's chief of staff, Jay Groves, told the newspaper that the break-in resulted when somebody accessed the university logins of the people who were affected, allowing the hacker to access their accounts and change their direct-deposit information. To prevent that from happening again, the school has shut down  that specific self-serve functionality within its human resource information system, iPeople, temporarily, "to preserve payroll data integrity."

Both the university's IT and police departments are working with other law enforcement agencies, including the FBI, on the case. Groves added that similar crimes have occurred at other universities, and they've been contacted as part of the investigation.