Michigan State University (MSU) has confirmed that on Nov. 13, 2016, an unauthorized party gained access to a university server containing certain sensitive data.
The database, which contained about 400,000 records, included names, social security numbers, MSU identification numbers, and in some cases, date of birth of some current and former students and employees, school authorities confirmed.
Specifically, the hack affected the data of all faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016, and that of students who attended MSU between 1991 and 2016, school authorities stated.
According to MSU, the database did not contain passwords, financial, academic, contact, gift or health information. Of those records, 449 were confirmed to be accessed by the unauthorized party. The affected database was taken offline within 24 hours of the unauthorized access.
“At Michigan State University, we are committed to data and privacy protection. Regrettably, we were recently the target of a criminal act in which unauthorized users gained access to our computer and data systems,” said MSU President Lou Anna K. Simon in a prepared statement.
The university has offered to pay for two years of identity theft protection, fraud recovery, and credit monitoring for affected individuals.
“…we will provide credit monitoring and ID theft services for any member of our community who may have been impacted by this criminal act. We also will continue to work diligently in our efforts to protect the integrity of our data systems and improve the security of information that is entrusted to us,” added Simon.