Two employees at East Tennessee State University fell for an email phishing scam and paved the way for a breach at the school.
“We believe that these two employees were part of a group of employees that the e-mails were sent directly to intentionally, they clicked on the e-mail because they thought the e-mail was coming from another supervisor…so yes we do think these two employees were part of a group of employees that were intended to get this message, this is not something that went university-wide,” ETSU spokesperson Joe Smith said in a statement cited by WHJL news.
The breach, which was discovered October 17, could have affected 7,700 people. The school has begun investigating and notifying potential victims.
“On October 17, 2018 ETSU ITS discovered that an ETSU employee clicked on a phishing email that resulted in an unauthorized person accessing with access to her email mailbox. Immediately upon discovery, ETSU ITS disabled the employee’s email access, reset the employee’s username and password and commenced an investigation,” the ETSU said in a notification obtained by WHJL. “We are notifying you, because personal information about you and/or individuals in your family, household or otherwise, was contained in one of the employee’s email mailbox. The types of information present in the email mailboxes include full name and security numbers of each individual listed below: Other information that may have been included is noted next to the individual’s name.”