It’s graduation month in the U.S. and final year students are ecstatic since they will finally get to celebrate with the tradition of heaving their graduation caps into the air. But aren’t we still in the middle of a pandemic? So, how would that be possible? Well, the situation is turning the corner in the U.S. The Centers for Disease Control and Prevention (CDC) has announced that “fully vaccinated people don’t need to wear face masks indoors or outdoors in most settings.” As per the recent reports, the U.S. has roughly inoculated 116 million American citizens (with both doses), which is 45.1% of the total U.S. adult population of age 18 or more until May 12, 2021. However, for some graduates, the joy of dawning their academic regalia and posing for pictures has turned into a nightmare as a well-known company, Herff Jones, which provides graduation day apparel and accessories, reported a data breach.
The Herff Jones Payments Card Breach
Universities and educational institutions in the U.S. have been targeted largely in the past few years owing to online learning. However, the Herff Jones payment card breach incident is probably the first time that students at multiple universities have been reportedly targeted through an apparel and accessories service provider.
The incident first came to light when graduation students started reporting fraudulent transactions being made through their payment cards. Initially, few students from specific universities were targeted, however, alert flags were being raised from institutions of other states. On closely monitoring the situation, two common links between all these attacks were found: first, these were all final year students, and second, and probably the most important, they had made a purchase from Herff Jones.
The company was unaware of the data breach until victims started tagging them on social media, using the company handles. One of the victim students on a Reddit discussion forum said, “Someone just bought a PS 5 with my card info and I respect the hustle.” While most of the fraudulent transactions ranged between $80 to $1,200 (owing to the limit cap on students’ payment cards) some others also reported transactions of $4,000 and more.
The majority of these transactions came from students from Indiana (Purdue, IU), Boston, Maryland (Towson University), Houston (UH, UHD), Illinois, Delaware, Michigan, Wisconsin, Pennsylvania (Lehigh, Misericordia), New York (Cornell), Arizona, North Carolina (Wake Forest), Florida (State University), and California (Sonoma State).
Herff Jones Accepts “Theft” of Information
In a statement released by Herff Jones, the company confirmed that it had “identified theft of certain customers’ payment information,” and was working towards fixing it at the earliest with the help of “a leading cybersecurity firm.” It further added that due diligence was being done to avoid such incidents in the future and respective law enforcement authorities were also informed to gain their expertise in understanding the scope and depth of the data breach.
Additionally, Herff Jones has set up a dedicated customer service team, which can be reached at 855-535-1795 for any further assistance.