Brian Krebs reports:
Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, KrebsOnSecurity.com has learned.
The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public liberal arts college located in the town of Wise in southwestern Virginia.
[…]
According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.
Read more on KrebsOnSecurity.
Keith Appleyard comments on the breach over on Finextra:
…. Whereas, because of a £10,000 per day limit on my UK Online Banking via BACS, when I was transferring £125,000 yesterday via CHAPS, RBS called up our dual Signatures on File, checked my Passport & Debit Card, and recorded me on CCTV. I was happy that they had done their due diligences.
Times like this prove that automated chaos is just faster chaos. Why would the University of Virginia not have arranged for a limit on their Online Banking Account – say $100,000?