Security breach found in credit fraud

After partnering with an external security company, Trustwave, to further investigate the recent credit and debit card frauds, the College at Brockport announced Friday, April 25 that the data breach has been identified.

Trustwave ran a forensic analysis of the network and data to attempt to locate the problem.

"As of [Friday,  April 25] the malicious program has been removed from our server and the network breach has been closed," said David Mihalyov executive director for public and government relations at Brockport.

The college was first made aware of the fraud situation Thursday, April 12, after students and faculty learned that many of their accounts had been compromised.

Faculty and students reported having unauthorized charges on their cards with amounts ranging from $20 to $500. These charges were made both nationally and internationally.

The college later learned that the numbers from compromised cards came from anyone who used a credit or debit card at a Brockport Auxiliary Service Corporation (BASC) facility between March 1 and April 13.

BASC facilities campus-wide had all credit and debit card transactions suspended Friday, April 13.

Mihalyov said this suspension will remain for the rest of the semester to ensure further security.

Students and faculty are encouraged to monitor their bank accounts for any suspicious charges and report any cases to University Police (UP) by visiting them in Lathrop Hall or calling them at 395-2226.