Officials of East Tennessee State University investigating the phishing attack
A phishing attack is being investigated by the officials of East Tennessee State University (ETSU), where two ETSU employees email accounts got compromised and there might be a possibility that thousands of personal information being accessed.
A spokesman of ETSU confirmed that two employees from same department, having access to personal information in detail of thousands of university's staff and faculty members, clicked fraudulent links around September 25, 2018.
On October 17, the first breach has been discovered. The second breach, using same email sent to another employee, has been discovered on October 26. Once discovered by ETSU, both the accounts were disabled immediately and further investigations were launched.
Joe Smith, a university spokesman, said "we had to go through every email, email by email, line by line. We wanted to do that so we know exactly the names of the persons who may have had information that could have been accessed".
It is still not clear who is behind this phishing attack, although the officials of university believe that these two ETSU employees were targeted due to their access to the personal information of the employees. It also appears that the phishing email was from one fellow employee.
Personal information of around 7,700 faculty and staff members was there among thousands of emails in the two compromised accounts of ETSU employees. Information included names, social security numbers and birthdays. Although the breaches only seems to have impacted the staff and faculty, but the officials say that few students, in case they were listed as beneficiaries or dependents, might be at risk also.
East Tennessee State University is now contacting and notifying every individual who were impacted by this phishing incident, which also includes the former employees. Moreover, the university is providing credit monitoring service for a year to potential victims at no cost. For the credit monitoring service, the university has to pay around $22,000.
ETSU says they started flagging the external emails some months ago. For email access off-campus, the two-step login process will now be implemented added ETSU. Besides, a hotline number (i.e. 423 439-3338) was also given for the victims of breaches.
» SPAMfighter News - 11/30/2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!