A July 17 data security incident has potentially left the personal information of some current and former Loyola employees at risk.
An unknown individual accessed a PC within the Human Resources department displaying confidential information, including the personal information of employees, Loyola communication specialist Evangeline Politis said in a statement to The Phoenix.
According to Politis, those affected include both current and former university employees. Students employed by the university during 2016 are potentially at risk as well.
An investigation by Loyola’s Information Technology Services security team began shortly after the incident, Politis said.
According to Politis, the university is unaware of what — if anything — the individual did with the information.
“To date, Loyola has no evidence that personal information was actually seen or whether information has been or may in the future be used fraudulently,” Politis said.
The university began notifying affected employees July 26 through an email obtained by The Phoenix.
The email, signed by Winifred Williams, vice president of human resources, described the circumstance and detailed the action being taken by the university.
According to Williams, Loyola is providing complimentary credit monitoring services for all employees possibly impacted.
“Please be assured that the incident is under review and we will take appropriate steps to help prevent a future recurrence,” Williams said.
Politis added the university is considering additional safeguards to avoid a recurrence, including security awareness training and additional technology measures.
If implemented, the new security awareness training will encompass all employees. Videos, interactive training and assessment and additional training for departments with access to confidential information are potential options, Politis said.
The incident is the most recent online security issue Loyola has faced. The university has experienced a high volume of phishing emails intended to obtain students’ university ID and password over the past year as well.
In November, The Phoenix reported about 2,000 student and faculty emails had been compromised due to phishing emails since April 2017. Since November, phishing has continued with students and staff receiving emails cloaked as different members of the community, including President Jo Ann Rooney and Loyola basketball star Marques Townes.
Politis was unable to provide the number of current and former employees affected, citing the Illinois Personal Information Protection Act.
This post has been updated to represent the specific statute and time period of student employment referenced by Politis.