An unspecified number of graduating college students in the US have reported fraudulent transactions made using their credit cards after they made purchases at popular cap and gown maker, Herff Jones.
Students at Purdue, Indiana University, Towson University, Cornell, and the University of Houston said they needed to cancel their credit cards after noticing unauthorized charges.
The charges on their cards ranged from $80 to $1,200. However, one student claimed that a friend was charged $4,000.
“Someone just bought a PS5 with my card info and I respect the hustle,” one of the complainants said.
One student at Cornell revealed that the cybercriminals even used his credit card to subscribe to an adult content service.
If y’all ordered your cap and grown from @herffjones, check y’all’s bank statements. They experienced a nationwide data breach & I got my debit card info stolen ☺️ @UHouston why all y’all staying quiet???
— Ⓜ️ariah (@mariah8a) May 9, 2021
Herff Jones Taking Action
According to a Heimdal Security report, the American graduation accessories company was hacked, resulting in the theft of student credit card information.
The exact time of the security breach is still unclear, but the students reported making purchases at Herff Jones in April.
In a statement, the company issued an apology to all graduating students who fell victim to the alarming credit card breach. It said that it has begun investigating the incident with the help of a cybersecurity firm.
“We sincerely apologize to those impacted by this incident. We are working diligently to identify and notify impacted customers,” Herff Jones said.
Other US Higher Ed Hacking Incidents
Last year, a hacking incident was detected at Guilford Technical Community College. The names, Social Security numbers, and phone numbers of around 43,000 students had reportedly been taken by hackers.
The school reached out to students, faculty, and staff concerning the data breach, offering credit monitoring and identity restoration services for one year following the incident.
Another phishing attack was reported in the country in April. Several universities were hit by a ransomware group that stole and published the personal data of students and faculty members to scare schools into paying ransom money.
“The attack involves the use of Accellion, a vendor used by many organizations for file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file-transfer service,” the University of California explained.