Another phishing attack has exposed the private data of University of Virginia employees at risk.

An investigation by the FBI has led to suspects being arrested and being held in custody, although how many and their identities are unknown.

A malicious email, either sent in bulk or specifically crafted to employees, is sent with the overall intention of securing account information. However, in this case, the email asked for passwords and usernames to the human resource system.

Unfortunately, someone fell for the scam and allowed access to the criminals. Once inside they were able to access the 2013 and 2014 W-2s of approximately 1,400 employees, and the direct deposit banking information of 40 employees.

As with most breaches, the University is providing a year of free credit monitoring and identity protection services in reparation.

Source: ZDNet