14 DAY TRIAL // The University of Virginia (UVA) began informing employees of a data breach that took place between November 2014 and February 2015 and resulted in the exposure of H2 tax forms for around 1,400 employees.
University management announced the data breach on January 22, when they started sending emails and US mail to all affected employees.
According to a statement put out by the University, the attackers managed to get their hands on W-2 tax forms for 1,400 employees, for the years 2013 and 2014.
Additionally, direct deposit banking information of 40 employees was also accessed. Only 7% of the university's 20,000 staff members were affected by the data breach. No medical information was taken during the episode.
FBI agents discovered the data breach
FBI agents informed the University of the incident and later confirmed that the culprits were already arrested and in custody.
Even if not officially confirmed, the FBI investigation seems to have been started in the spring of 2015, when university staff members complained of tax fraud.
University representatives explained that the data breach occurred because some employees fell victim to phishing attacks, clicking links in spam email. These employees were redirected to the attackers' servers, where they entered sensitive access credentials for various University portals.
No connection to August's data breach
The University's IT staff is also asking members to change their passwords. Back in April 2014, UVA implemented an automatic system that makes all employee passwords expire each year.
In August 2015, UVA also announced another data breach. Authorities suspected Chinese hackers of being behind that incident. University staff said there's no connection between the two events. August's attack seemed to be part of a series of cyberattacks against multiple US universities that included other targets such as Penn State and UConn.
University of Virginia employees may call toll-free 1-855-907-3155 and find out if their information was exposed during the most recent incident. All affected employees will get a free year of credit monitoring services.