There’s still one Orange to root for — The Daily Orange! Donate today and help us win College Media Madness.

Two email accounts associated with Syracuse University’s office responsible for processing payment for goods and services were accessed by an unauthorized party in November 2021, according to a university-wide email Monday.

The Disbursements Office, according to SU’s website, is responsible for processing payments for goods and services and expenses for university business, ensuring compliance with university policies and government regulations, maintaining records of transactions and providing account information to members of the community.

After a review, completed in mid-February, the university identified that the personally identifiable information of certain individuals, such as course or lab information, bursar account balances and notices of grant awards, were attached in emails of the accounts that were affected between Nov. 11-15, 2021, the email said.

The unauthorized party gained access to the email accounts as a result of a phishing scam, the email said. The investigation was not able to determine whether the unauthorized party actually viewed the emails or attachments.

The university will mail notification letters to the individuals whose information was present in the accounts with advice on steps to take to protect their information, the email said. SU will also offer complimentary identity monitoring services to individuals whose Social Security numbers or driver’s license numbers were contained in the accounts.

A university spokesperson did not confirm the number of individuals affected by the unauthorized access.

---

More coverage of SU’s history of data breaches:

• SU staff, faculty required by state to complete information security training
• Student files class action lawsuit against SU over data breach that affected 10,000
• SU defends response to data breach amid criticism, anger
• SU data breach exposes nearly 10,000 names, Social Security numbers
  

---

On Feb. 10, 2021, the university revealed that the names and Social Security numbers of about 9,800 students, alumni and applicants had been compromised after an employee’s email account was breached in September 2020. SU did not immediately notify the impacted individuals.

The university said at that time it would offer students a complimentary membership to Experian to help detect misuse of information and provide identity protection support, as well as implement more comprehensive cybersecurity measures.

Published on March 28, 2022 at 6:54 pm

Contact Richard: rcperrin@syr.edu | @richardperrins2