Direct Deposit Fraud Alert  

Investigation into Fraudulent Direct Deposit Changes made on February 19 via MyInfo

Updates will be posted below as more information becomes available.

March 26, 2015 - Letter to MSU Faculty and Staff and Students from CIO Jerry Sheehan and CSO Rich Shattuck 

Dear Faculty, Staff, and Students,

This message is an update on the continued investigation into fraudulent direct deposit changes made through MyInfo in Banner.

After intensive review of our Banner system and work with Human Resources, MSU has confirmed a total of seven fraudulent direct deposit changes. Five of these changes resulted in a transfer of funds to unauthorized accounts. Local and federal law enforcement have been provided with banking details for these transactions.

Technical analysis, outreach to law enforcement, and conversations with other universities indicate a strong probability that the fraud at MSU was through a very sophisticated phishing attack. Montana State’s Information Technology Center continues to acquire and deploy additional technologies to help reduce the threat associated with malware and phishing on campus. Personnel from Human Resources are also confirming the remainder of all electronic direct deposit changes made over the course of the last month.

IT Security, Human Resources, and law enforcement have been in contact with the victims of this fraud. Technical analysis of their computing hardware has been preliminarily completed, and Human Resources has been able to reissue pay to these individuals. In addition, the University will be extending identity theft monitoring to these users.

The ability to electronically edit direct deposit information through MyInfo remains disabled. If you need to change your direct deposit information, please print and complete the Direct Deposit Request Form from the Human Resources website.

As a reminder, MSU will never send you an email asking for a password or containing an active link requiring you to enter personal information. If you have any questions about the validity of an electronic communication please contact MSU IT Security (itsecurity@montana.edu) prior to entering or sharing any data.

Thank you,
Jerry Sheehan
Chief Information Officer

Rich Shattuck
Chief Security Officer

 

March 20, 2015 - Letter to MSU Faculty and Staff and Students from CIO Jerry Sheehan and CSO Rich Shattuck 

This is an update on the status of the investigation into fraudulent direct deposit changes made on February 19 through MyInfo in Banner.

MSU has confirmed that 5 of 6 individual direct deposit changes were due to fraud. Our investigation is ongoing in coordination with law enforcement.

Further analysis of the computing hardware used by the individuals is underway and the Enterprise Services Group and Human Resources continue to analyze and validate all payroll direct deposit changes that were made over the last month.

If you made a change to your electronic payroll deposit information since February 20, you may be contacted by an HR representative to confirm validity.

Effective March 19, the ability to change payroll direct deposit information through MyInfo has been suspended. If you need to change your payroll direct deposit information, print and complete the Direct Deposit Request Form available at MSU's Human Resources website and mail to Human Resources. Please contact Darcy Tickner at dtickner@montana.edu or 994-7926 should you have any questions regarding the form.

MSU’s IT Center has put in place additional monitoring and controls and will continue to work with law enforcement agencies on the investigation into this crime. If you believe that you may have been affected, please contact MSU IT Security at itsecurity@montana.edu in addition to the the MSU Police Department at 994-2121.

Additional information will be posted here as it becomes available.

Sincerely, Jerry Sheehan
Chief Information Officer

Rich Shattuck
Chief Security Officer

This is an update on the status of the investigation into fraudulent direct deposit changes made on February 19 through MyInfo in Banner.

MSU has confirmed that 5 of 6 individual direct deposit changes were due to fraud. Our investigation is ongoing in coordination with law enforcement.

Further analysis of the computing hardware used by the individuals is underway and the Enterprise Services Group and Human Resources continue to analyze and validate all payroll direct deposit changes that were made over the last month.

If you made a change to your electronic payroll deposit information since February 20, you may be contacted by an HR representative to confirm validity.

Effective March 19, the ability to change payroll direct deposit information through MyInfo has been suspended. If you need to change your payroll direct deposit information, print and complete the Direct Deposit Request Form available at MSU's Human Resources website and mail to Human Resources. Please contact Darcy Tickner at dtickner@montana.edu or 994-7926 should you have any questions regarding the form.

MSU’s IT Center has put in place additional monitoring and controls and will continue to work with law enforcement agencies on the investigation into this crime. If you believe that you may have been affected, please contact MSU IT Security at itsecurity@montana.edu in addition to the the MSU Police Department at 994-2121.

Additional information will be posted here as it becomes available.

Sincerely, Jerry Sheehan
Chief Information Officer

Rich Shattuck
Chief Security Officer

March 19, 2015 - Letter to MSU Faculty and Staff from CIO Jerry Sheehan and CSO Rich Shattuck

This afternoon the University became aware of three fraudulent direct deposit changes that were made on February 19th through MyInfo. The result of this illegal activity was transfer of funds to an unauthorized source. Human Resources, Information Technology Security, and the Police are currently in contact with these three individuals as part of an active investigation.

Our investigation has flagged an additional three direct deposit changes initiated on the 19th that seem suspicious given the time of the day the changes were made. Our team is in the process of contacting the impacted individuals to validate that they initiated these changes.

As an immediate precaution, ITC has disabled the electronic direct deposit change tool available through MyInfo. In collaboration with Human Resources, we are also assembling a master list of all direct deposit changes made within the last month. We will then validate that each change was initiated by the MSU user.

More information will be shared on our investigation as it becomes available.

If you have any immediate concerns regarding your direct deposit information, please contact Darcy Tickner via email at dtickner@montana.edu or 994-7926.

If you have any additional questions or concerns regarding our investigation of this incident please feel free to email or call Jerry Sheehan at jsheehan@montanan.edu or 994-2525.

Sincerely, Jerry Sheehan
Chief Information Officer

Rich Shattuck
Chief Security Officer