Shortly after graduating, the American University Class of 2021 was notified that their payment cards may have been compromised. Herff Jones, the vendor where graduates purchased their caps, gowns and other graduation attire, experienced a cyberattack resulting in fraudulent activity on some graduates’ payment account cards.
Steve Munson, AU’s vice president and chief information officer, notified graduates about the hack in an email on May 11.
“The company tells us that it is investigating this matter and does not yet know if any AU students have been affected,” Munson said in a statement to The Eagle. “Out of an abundance of caution, we wanted to share this information with AU graduates and encourage them to monitor their credit card statements. Herff Jones has indicated it will be in touch with impacted individuals when it completes its investigation into the matter.”
According to Lisa Stark, a University spokesperson, AU was notified of the breach on May 6. While AU does not play a role in how Herff Jones will address the incident, the University has been told that the breach is being investigated by internal and third-party security officers, that their systems have been strengthened and that they have terminated unauthorized access to payment card information.
“As we indicated in our message to students, the University does not have a role to play in Herff Jones’ response to the cyberattack,” Stark said. “However, we will continue to share any updates from Herff Jones on their work to resolve the situation.”
Recent graduate Tiger Mar purchased a cap and gown from Herff Jones and was notified by his bank of possible fraudulent activity on his credit card on May 11, the same day AU notified graduates of the cyberattack.
“The charges that were posted that were unusual were Uber charges and just big ones, and I never used that card for Uber… and they refer to charges for hundreds of dollars,” Mar said. “It just seemed a little out of place. I was fortunate that I was notified rather than having to go back and find out on my own volition that [Herff Jones was] targeted.”
Kaela Roeder, another 2021 graduate, also had her credit card information hacked. The fraudulent charges on her card occurred in April, but she was not able to connect Herff Jones as the source until she received the general email to graduates from Munson.
“I was on the phone with the bank for like two hours trying to figure it out and get it settled,” Roeder said. “It was kind of frustrating, and it was a little scary, honestly, because I had no idea what had happened at the time and how my credit card could have been stolen.”
Since her credit card was new at the time of the charges, Roeder suspects that the source of the hack was when she gave her information to Herff Jones, as the only other purchase she made with the card was to refill her MetroCard.
Both Mar and Roeder have yet to be contacted by Herff Jones about their stolen information, despite being in communication with AU and their banks.
“I’m glad that [AU’s] email was as widely publicized as it was, and it got some traction on social, too,” Mar said. “Just because I think there’s probably a segment of people that don't check their email very often.”
