The University of Virginia (UVA) suffered a data breach that was initiated via a phishing scam that revealed the tax and banking data of some of the school's employees.
How many victims? 1,400
What type of information? W-2 tax forms for the years 2013-14 for 1,400 were accessed along with direct deposit banking information for 40 of the 1,400 victims.
What happened? The data breach is the result of a “phishing” email scam that saw the cybercriminals sending university employees emails asking the recipients to click on a link and provide user names and passwords. Once this barrier was breached the attackers gained accessed to the school's human resources payroll database.
What was the response? The University of Virginia collaborated with the Federal Bureau of Investigation to determine what happened. UVA began notifying the affected employees on January 22 of the breach and is offering free credit monitoring.
Details? This incident is believed to have taken place in November 2015. The payroll database that was accessed includes only employees working within UVA's Academic Division and does not include UVA Medical Center information. UVA said this attack is not related to another that took place in June, which was blamed on Chinese hackers.
Source: The University of Virginia