NORMAL, Ill. ― An apparent information breach at Illinois State University allowed someone to divert the direct-deposit payroll payments of more than a dozen faculty and staff members to another account, according to university officials.
The breach appears to be limited to 13 of the school’s employees, and it involved a total of about $50,000, chief of staff Jay Groves told The (Bloomington) Pantagraph. The university has made sure the proper amount will be credited to the affected employees’ accounts, and the university will continue to follow up with the affected employees, he said Tuesday.
On Monday, the university learned about the problem when one of the victims called to report it, prompting an investigation, according to Groves. The university’s police and technology departments are working with the FBI and the Illinois State Police on the investigation into the data breach.
An email was sent to all faculty, staff and students on Tuesday afternoon to make them aware of what happened so they can check their accounts and make sure there’s no suspicious activity. It also informed them that the ability to modify bank routing information for direct deposits online through the “iPeople system” has been temporarily suspended “to preserve payroll data integrity.”
Officials believe the person or people who are responsible for the data breach were able to use university logins belonging to the affected people to access their accounts and then change their direct-deposit information.
Groves said he learned from the FBI and other agencies that similar crimes have occurred at five other universities in other states.
This is the first time anything like this has happened at Illinois State University, according to Groves.