Pacific Region Memo July 7, 2017

Collin T Tomikawa

Jul 7, 2017, 6:35:10 PM
to pacif...@googlegroups.com


Pacific Region, 

 

I wanted to update you on what we know about the email phishing* attack, what actions have been taken and how we will proceed.

 

Email phishing attack

We know that it is a sophisticated group of hackers who target organizations in Workday.  Their intent is to convince employees to reveal their system password.  Once in the system, the hackers reroute pay check deposits to a new bank account with the hopes that no one will catch it until after pay day.  The impact as we understand it:

  • 63 staff had their email accounts exposed
  • 28 staff of the above list also had bank data changed

What actions have been taken?

Our IT Services team was monitoring activity in Workday and saw the change to bank routing information.  They called the staff impacted to verify if the person had made that change.  Once we knew it was the hackers, we shut down Workday and all of the systems with InterVarsity employee personal data.  Our donor data is in a different system and was NEVER threatened.

 

For those staff who use intervarsity.org as their primary email, we were able to delete the phishing email. The Finance and Administration team has contacted the sixty-three staff who were exposed including advising those who need to take further steps to protect bank data.

 

Next steps:

We are working with the Workday consultants to have bank routing information protected.  This would be consistent with the other data that is blacked out including our social security and purchasing card information.  

 

Watch for phishing emails:  New phishing emails are continuing to come our way.  Look for markers that something is off: Not our brand, not our vernacular, not our spelling of InterVarsity.  If you ever have a question, please contact our helpdesk before proceeding.

        

Never provide InterVarsity password: not over email, not in a link, etc.  Not even if Tom Lin asks you to!

 

We are so grateful to our IT Services team who have been working diligently on our behalf.  They are fluent in Workday security and have accessed the best of what the system provides.  God is good!  We caught the scam before pay day, we contained it to a small group of staff, and no donor information was compromised.

 

We will keep you up to date when we are ready to reopen Workday.

Grateful for your patience and prayers, 

Collin


 

 *phishing: “The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”

 




--
Regional Director, Pacific Region
InterVarsity Christian Fellowship