Michigan State University has confirmed that on Nov. 13 an unauthorized party gained access to a university server containing certain sensitive data.
The database, which contained about 400,000 records, included names, social security numbers and MSU identification numbers of some current and former students and employees. It did not contain passwords or financial, academic, contact or health information.
Of those records, 449 were confirmed to be accessed by the unauthorized party. The affected database was taken offline within 24 hours of the unauthorized access.
MSU’s Information Technology team rapidly determined the cause and nature of the breach, and the MSU Police Department is working diligently with federal law enforcement partners to investigate the crime.
Only 449 records were confirmed to be accessed. There is no evidence unauthorized individuals retrieved the other records; however, as a precaution MSU is reaching out directly to all individuals who may be affected by this criminal act to offer free credit monitoring. The 400,000 individuals include faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016, or were students between 1991 and 2016.
MSU police encourage all current and former students and employees to remain vigilant for potential incidents of fraud and identify theft. Report any unauthorized or suspicious activity to police immediately, reference MSU Police incident report 1658103881.
In addition, MSU is continuing to work with national experts to improve overall campus security. IT officials also are accelerating implementation of MSU’s existing plan for increased security.
Questions about the data breach should be directed to https://www.msu.edu/datasecurity or toll free at 1-855-231-9331.