Some members of this year’s graduating class said their credit card information was stolen after the University’s commencement attire vendor became the victim of a cyber attack.
Students said a data breach of Herff Jones, the company that sells students caps and gowns for commencement, hacked their payment information and ran up unauthorized charges on their credit cards after submitting orders with the company. The breach leaked payment information belonging to students from multiple universities contracting the company across the country, including the Universities of Delaware, Illinois and Houston.
In an email sent to graduating students from The Office of Ethics, Compliance and Privacy Thursday, officials said some customers’ credit card information might have been “compromised” because of the cyber attack, and they’re contacting students to determine whether they were affected. The email states Herff Jones has worked to remove unauthorized access to students’ payment information, while law enforcement and security experts help investigate the incident.
“We take very seriously any situation that could compromise our students’ data,” the email reads. “Based on information GW has received from the Herff Jones company, this incident is being thoroughly investigated by its internal and third-party security experts, who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate potential impact.”
Officials are working with the company “to determine the extent” of compromised information and who was affected, according to the email.
“The company has committed to directly contacting those individuals in a timely manner,” the email reads. “We encourage our graduates and family members to be vigilant in monitoring payment card account statements and credit reports for instances of unauthorized activity.”
University spokesperson Crystal Nosal declined to comment on the incident, deferring to the statement provided in the email.
Students posted about the data breach on the “Overheard at GW” Facebook page earlier this week, sharing that they were unaware of the cyber attack without any prior notice from the company or the University until Thursday. Some students said they canceled their credit cards after finding fraudulent charges on their accounts.
Delaney Clark, a senior majoring in international affairs, said her bank flagged an unknown $4,500 payment made at the Dior store in Chicago last week, and she realized her information was stolen in the breach after seeing social media posts from other students. Before receiving the University’s email Thursday, Clark said she’s looking to replace the credit card she canceled after Wells Fargo reported fraud on her account.
“That’s why they notified me, because they declined the transaction,” she said. “And I thought it was spam at first because I got a text, but then I saw that I also got an email notification from Wells Fargo. So then I looked into it, and I didn’t see anything like in my bank app account, so I had to call them and then they, flagged the transaction, and then I had to close my credit card.”
Clark said although she ordered her cap and gown in March, it wasn’t until last week that her commencement attire was shipped and her card information was stolen. She said students couldn’t order caps and gowns from any other vendor for commencement.
“I haven’t heard anything from Herff Jones, and it’s taken forever for my cap and gown to ship anyway,” she said “So I don’t know if that was like an internal problem also involving the data breach.”