Most identity thefts take a long time to discover. A few like this month’s case at Illinois State University are uncovered almost immediately, but still the damage is done. In Normal, Illinois this month, 13 employees found their paycheck direct deposits had been hijacked by hackers.
In all, around $50,000 in payments were diverted without employee or employer authorization after deposit information for a number of workers was altered.
The university’s chief of staff, Jay Groves told Bloomington’s Pantagraph that the institution had suspended its iPeople system, which allows workers to update or modify their bank routing data for direct deposit. This short- term measure is designed to “preserve payroll data integrity” according to Groves.
It’s believed that the issue was created when hackers obtained log-in credentials for a handful of employees and one theory is that an employee opened the door by responding to a phishing email. All staff, students and faculty have been notified to check for possible discrepancies in their own accounts.
The FBI and the Illinois State Police are investigating and there are reports of similar issues at five other universities in the nation.
Bank routing data is a gold mine for would-be hackers and it’s not as easy to change as a credit card number. You’ll have to cancel your main banking account, reprint checks, etc. It’s an all-too-common headache created whenever a major payroll company is hacked.
The best advice for all individuals with financial accounts is to set alerts that inform you any time withdrawals exceed a set amount. That way, you’ll be rapidly notified if someone is draining your account. It’s a time when speed really matters. However, alerts won’t help those ISU workers missing a paycheck who are probably struggling to pay their bills this month.
ID Watchdog monitors and instantly provides alerts on high-risk transactions – transactions that appear to be unusually suspicious, risky, or indicative of potential identity theft. High-risk transactions cover a number of categories, such as unauthorized account access, fund transfers, and new account applications. Additionally, ID Watchdog can detect fraud up to 90 days earlier than traditional credit monitoring services.