x
Breaking News
More () »

Cap and gown company data theft exposes payment information of graduating seniors

Word spread quickly among graduating students across the country who ordered from Herff Jones after they noticed suspicious activity on their accounts.
Credit: mnirat - stock.adobe.com

A company that provides caps and gowns for graduation ceremonies said Tuesday it is apologizing after an apparent data theft exposed the payment information of some graduating university seniors. The revelation came after several students across the country started noticing strange bank activity and lamented that they had not been warned their accounts might be at risk.

The company is Indianapolis-based Herff Jones, which on its website says it provides "class rings and jewelry, caps and gowns, yearbooks, diplomas, frames and announcements..."

The University of Houston student newspaper, The Cougar, cited reports from students there who have been discussing on social media what happened to them. One student, Mariah Ochoa, told The Cougar her account ended up being frozen. Students also alleged that neither the university nor Herff Jones issued any statement or warning about it.

“Graduation has been such a difficult process, which leaves a lot of us with unanswered questions. On top of that, now there’s a data breach? And no one is notifying us?" Ochoa reportedly said.

It wasn't just Houston. A post on a Purdue University subreddit said "After conversing with multiple seniors, we’ve (my roommates and I) come to the conclusion that the overpriced rental cap and gown company is leaking credit card information. To all seniors participating in commencement this semester, watch your bank statements."

Towson University in Maryland urged students who bought a cap and gown to monitor their accounts and credit reports, WJZ in Baltimore reported.

A Herff Jones spokesperson said in a statement that it recently became aware of suspicious activity involving customers' payment information.

"We promptly launched an investigation and engaged a leading cybersecurity firm to assist in assessing the scope of the incident. We have taken steps to mitigate the potential impact and notified law enforcement," the spokesperson said, adding that its investigation revealed that some information had been stolen but did not specify how how many people were affected.

"We sincerely apologize to those impacted by this incident. We are working diligently to identify and notify impacted customers," the spokesperson said. 

The company says those impacted can contact customer service by calling 855-535-1795 between 9 a.m. and 9 p.m. EDT Monday-Friday.

Related

T-Mobile says some customer information accessed in data breach

Before You Leave, Check This Out