On August 8, 2013, the university learned that some employees had provided their account information in response to phishing e-mails sent on July 25. An investigation determined that about 10 employees’ direct deposit information was changed, though no unauthorized financial transactions had taken place.
The university also found, however, that the phishing scam had provided access to about 20 e-mail accounts that held approximately 3,000 people’s personal health information, as well as approximately 200 Social Security numbers.
“Some of the individuals whose information was included in the emails were patients treated or reviewed by a SLU physician at facilities owned by the Tenet Healthcare Corporation or SSM Health Care,” SLU stated. “The University is working with these health care partners in its response efforts.”
While the university believes that the scam was aimed primarily at accessing financial information, SLU is providing all those affected with one free year of credit monitoring and identity theft protection services.