On the morning of Jan. 3, SIU doctorate student Genesis Atencio noticed multiple hard pulls on her husband’s credit score, an authorization that occurs when one applies for new credit. Atencio said they hadn’t applied for any credit in around four years, but looking into their report, an account had been opened with Synchrony Bank.
A few days later, Atencio was hanging out with a friend and fellow student, who mentioned a similar situation: someone had used her information to open a OnePay Walmart credit card with Synchrony Bank.
Advertisement
“I was like, hold on a minute, because OnePay looks familiar,” Atencio said. “I think I’ve gotten emails from OnePay. So I look through my own emails from my SIU Outlook account, and lo and behold, there it is, like four or five different emails that I’ve gotten over the course of a handful of months.”
A credit card in her name was approved on Jan. 8.
“I get probably three emails to my SIU account that say, hey, welcome to Walmart,” she said.
Advertisement*
Atencio was one of 16 individuals who reported this incident to SalukiTech, according to SIU Chief Information Officer Wil Clark. However, the number could be higher. Multiple Daily Egyptian employees received similar emails, and many SIU students took to social media to warn others, including some who have recently graduated.

“Cybercriminals are always trying to find new ways to steal people’s money or identity, and attempted fraud and other hazards to information security are a constant threat,” Clark said. “Every institution and organization in the U.S. must address ongoing cybersecurity issues. We have no insight into what may be occurring at other institutions.”
SIU last reported a security breach in June 2023. The university uses a third party software called MOVEIt, which typically allows for secured, managed file transfers. In late May 2023, MOVEIt had a security breach that leaked nearly 70 million individuals’ information worldwide, including those in the SIU system. Clark said the university cannot be certain if the two events are connected.
“Our current investigation does not indicate a new breach of SIU data,” he said. “It would be irresponsible to speculate on what may have occurred outside the university.”
In an email to the DE, Clark said SIU security professionals use advanced tools to detect vulnerabilities and manage potential threats. In investigating the case, they observed messages regarding OnePay that had been delivered to SIU email accounts.
“Within the SIU email system, 372 OnePay email messages matched patterns reported in the 16 cases … Out of an abundance of caution we sent the following notice to 1,547 SIU email addresses because they had one or more email messages containing the keyword OnePay in their inbox,” he said, referring to a message SalukiTech sent with recommendations for data security.
The notice said if you have been affected to take the following steps:
- Contact OnePay/Synchrony Bank
- Report the incident to the Federal Trade Commission’s Identity Theft site
- Place a fraud alert with all three credit reporting agencies: Equifax, TransUnion and Experian
- Use a free credit lock/freeze and alert tools offered by the agencies
- File a police report

“If anyone suspects phishing or other attempts at fraud, we encourage them to report it to us either through the ‘Report Message’ functionality in Outlook or by emailing [email protected],” Clark said. “If they are a victim of fraud they should report it to law enforcement.”
One DE employee who was impacted called Walmart OnePay to report identity theft and received an email the next morning that their account had been closed. A few days later, they received a letter in the mail from Synchrony notifying them that the account has also been closed.
The employee also filed a report to social security at ssa.gov/fraud/.
The Daily Egyptian reached out to Walmart and Synchrony but received no response before deadline.
Clark said his department encourages the “campus community to take cybersecurity training seriously and follow best practices to minimize their risk of becoming a victim of cybercrime.”
“Good practices include strong passwords unique to each account, being vigilant when responding to unsolicited email and reporting suspicious activity,” Clark said. “The Federal Trade Commission outlines steps individuals can take to protect their identity on its website, https://ftc.gov/idtheft.”
Digital editor Peyton Cook can be reached at [email protected] or on Instagram @cookmeavisual. Editor-in-Chief Carly Gist can be reached at [email protected] or on Instagram @gistofthestory.
Advertisement
