Cyber Incident Victim: Herff Jones
Date: May 2021
Location: United States of America
Summary
A data breach at Herff Jones, a vendor providing graduation cap and gown services to a university, compromised students’ banking information, including debit card details. Multiple students reported unauthorized access to their financial data, with one individual confirming bank notifications about compromised card information but no funds withdrawn. The vendor had not publicly acknowledged the incident or provided details on its website at the time of reporting, prompting external inquiries into the breach’s scope and origin.
Description
In May 2021, a data breach at Herff Jones, a vendor supplying graduation caps and gowns to the University of Houston, compromised students' banking information. The incident came to light when Mariah Ochoa, a psychology senior, publicly disclosed on Twitter that her debit card information had been stolen on May 9, 2021. Ochoa reported receiving direct communication from her bank alerting her to the compromise, though no unauthorized transactions had occurred on her account at that time. She had placed her order with Herff Jones in February or March 2021 through the company's standard purchasing process. Multiple University of Houston students responded to Ochoa's social media post with similar accounts of their payment card information being compromised, indicating a broader pattern of unauthorized access to financial data tied to Herff Jones transactions.

The breach directly exposed sensitive payment card details used by students to purchase graduation attire through Herff Jones' systems. While no fraudulent withdrawals or charges were confirmed in Ochoa's case, the compromise necessitated bank-level security interventions to prevent financial loss. As of May 10, 2021, Herff Jones had not published any official notice about the incident on its corporate website or through other public channels. DataBreaches.net initiated contact with the company seeking details regarding the breach's scope, root cause, and affected population but received no immediate response. The lack of public acknowledgment by Herff Jones left students without direct guidance from the vendor regarding potential risks or protective measures related to the data exposure.
