Educause Security Discussion mailing list archives
Re: Unusual pattern of compromised accounts
From: David Santos <SantosD () FELICIAN EDU>
Date: Fri, 26 Jan 2018 21:30:46 +0000
Hi Joe, I know your College has been in the news over the last year or so; I would start to question if this could somehow be related; is that your common factor? Looks like the culprits went after financials and I would assume internal breach with maybe only one compromised account (someone within payroll for example). David Santos IT Security & Helpdesk Manager, Information Technology [cid:image002.jpg@01D396C2.FCA65F60] Felician University 262 South Main Street Lodi, NJ 07644 P: 201-559-6075 www.felician.edu<http://www.felician.edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pollock, Joseph Sent: Friday, January 26, 2018 4:17 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Unusual pattern of compromised accounts Has anyone observed the following: 1. A cluster of compromised accounts with no indication of a common factor such as clicking on a phishing link. Users have no idea how the compromise occurred. 2. The culprits change the user's direct deposit authorization 3. They may have been familiar with the Banner system. 4. No other activity was observed. We are looking for other indications, such as compromised desktops, but have found nothing as yet. Please reply outside the list if you wish. Joe Pollock Network Services The Evergreen State College ______________________________________________________________________ This incoming email has been scanned by the MessageLabs Email Security System for Felician University. ______________________________________________________________________ ______________________________________________________________________ This outgoing email has been scanned by the MessageLabs Email Security System for Felician University. _____________________________________________________________________
Current thread:
- Unusual pattern of compromised accounts Pollock, Joseph (Jan 26)
- Re: Unusual pattern of compromised accounts Haselhoff, Brent (Jan 26)
- Re: Unusual pattern of compromised accounts Pollock, Joseph (Jan 26)
- Re: Unusual pattern of compromised accounts Robert Smith (Jan 26)
- Re: Unusual pattern of compromised accounts David Santos (Jan 26)
- Re: Unusual pattern of compromised accounts Chris Grooby (Jan 26)
- Re: Unusual pattern of compromised accounts Hiram Wong (Jan 29)
- Re: Unusual pattern of compromised accounts Andy Hooper (Jan 29)
- Re: Unusual pattern of compromised accounts Arffa, Letheshia (Jan 29)
- Re: Unusual pattern of compromised accounts Haselhoff, Brent (Jan 26)