Cybersecurity: Capital One Data Breach and Phishing Scam Targeting Students

Capital One data breach

On Monday July 30, Capital One announced a data breach that affected approximately 100 million customers. The incident exposed personal information including home addresses, phone numbers, self-reported incomes, and email addresses (along with Social Security Numbers, credit scores, and credit card transaction information for a subset of customers). More information about the Capital One breach can be found at Information on the Capital One Cyber Incident.

Unfortunately, this is only the latest in a long series of massive data breaches that may have exposed personal and financial information of Stanford community members. In this era where personal information is readily available to criminals, the best way to protect yourself is to:

1. Proactively freeze your credit
2. Enable two-factor authentication for all online accounts that offer it
3. Use a password manager to generate strong and unique passwords for each of your online accounts (Stanford offers one free to all faculty, staff, and students)
4. Reduce or eliminate the need to use your Stanford password with the new Cardinal Key service
5. Enroll in Stanford’s identity theft protection service (free to all benefits-eligible employees)

Learn more about identity theft and how to avoid it at the Information Security Office’s Identity Theft webpage

Part-time job offer scam

The Stanford Information Security Office (ISO) has become aware of an email-based scam that is actively targeting our student community. The way this scam works is that a student may receive an email from a person claiming to be an employer, or even a university professor, offering them a part-time job. If the student shows interest, the scammer requests their personal and financial information. The student is informed that certain supplies or software will need to be purchased before the job can commence. The scammer then sends the student a fake check to cover the required materials with instructions to deposit the check into their personal bank account. After depositing the check, the student is instructed to use the funds to purchase gift cards and send images of the gift card codes to a third party for the acquisition of the required materials. The bank will eventually determine that the check is fraudulent, and since the funds were already withdrawn and used to send the scammer gift cards, the student is left without a job or the money spent. To learn more about this scam, see the FBI’s Internet Crime Complaint Center article Employment Scam Targeting College Students Remains Prevalent.

If you receive an email suspected to be a scam, please forward it to spam@stanford.edu. Submitted messages are analyzed by ISO, and actions are taken to protect Stanford and other recipients.

Phishing continues to be the single greatest threat to our privacy and security today. As part of the university's multi-pronged strategy to combat this threat, ISO operates a Phishing Awareness Program that periodically sends simulated phishing messages to all employees. This program has proven to be effective in raising awareness and better equipping employees to recognize phishing messages.