This website uses cookies to ensure site visitors get the best experience on our website. By continuing to use this site, you accept our use of cookies and Privacy Statement. To find out more, please visit Southern University's Privacy Statement.

I agree
Cyber Security Notification

Frequently Asked Questions

When did Southern University first learn of the breach?

Payroll Officers noticed a suspicious change in one deposit table and began an investigation on April 23, 2019. During this investigation it was determined the changes were the result of a security incident associated with a phishing email to employees.

 

When did the University start notifying affected parties?

The University began notifying individuals of the incident on April 24, 2019.

 

When was the Southern University system inappropriately accessed?

The University traced the first unauthorized access to Banner to April 12, 2019.

 

Was the venerability exploited prior to the detection?

The University discovered the changes prior to any loss of any payroll or permanent damage to the individual accounts.

 

When was the vulnerability discovered?

The vulnerability was discovered on April 23, 2019

 

How did the security incident happen?

A payroll officer notified DoIT concerning an employee’s ability to access and update their direct deposit information in the Banner system, contrary to University procedures. The employee was contacted and DoIT determined the changes were unauthorized. An investigation of the Banner System revealed a total of seven (7) employees were impacted. The incident was traced back to an email phishing attack used to obtain the login credentials. Those employees’ credentials were then used to alter their direct deposit information via Banner web application.

DoIT activated a containment plan as follows:

  • Disabled Banner Self-Service direct deposit packages to prevent potential updates from Banner web applications
  • Running queries to monitor all activities on the Banner direct deposit tables
  • Notified and reset the affected employees Banner account.
  • Informed the community of the incident
  • Implemented a trigger to notify an employee and Payroll Office when updates are made to an employee payroll information

 

Have protections been put in place to prevent it from happening again?

Yes. The background web packages for direct deposit has been disabled effectively preventing direct deposit updates via Banner web. Southern University continues to proactively monitor Banner and has implemented a trigger to notify employees and the Payroll Office when updates are made to an employee payroll information.

 

What type of information was the outside party able to access?

We are aware the direct deposit information for seven (7) employees was altered.

 

Where can I get more information about the incident?

This website, www.subr.edu/cybersecurity, is the official source for information regarding the incident. It is updated as new information becomes available. An incident report will be published once the investigation is complete.

 

Was I impacted?

The employees impacted have been notified.