Michigan State University (MSU) has announced that its EBS HR/Payroll systems were recently taken offline after two employees reported receiving e-mail confirmation of changes to their direct deposit designations on October 18, 2013 (h/t Softpedia).
According to a university statement, valid credentials were used by a perpetrator to modify the employees' banking information. University police believe that the credentials were obtained through a phishing attack.
The university says there's no indication of a system-wide security breach or exposure of other employee data, and all EBS systems are now back online.
Anyone who suspects that their banking information may have been compromised is being advised to contact (517) 355-2222.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
MSU was previously breached in December 2012, when a hacker published approximately 1,500 names, e-mail addresses, encrypted passwords, user IDs and mailing addresses.