Connect with us

Hi, what are you looking for?


Data Protection

400,000 Records Exposed in Michigan State University Breach

Hackers attempted to extort Michigan State University after gaining access to a database containing 400,000 student and employee records. The organization believes that only a few hundred records have actually been stolen by the attackers.

Hackers attempted to extort Michigan State University after gaining access to a database containing 400,000 student and employee records. The organization believes that only a few hundred records have actually been stolen by the attackers.

MSU reported on Friday that an unauthorized party breached one of its servers on November 13. The attacker accessed a database containing 400,000 records, including names, social security numbers, MSU identification numbers and dates of birth of current and former students and employees.

The exposed information dates as far back as 1970. MSU pointed out that passwords, contact details and financial information were not stored in the affected database.

The university said it took the affected database offline within 24 hours after discovering the breach and it determined that only 449 of the records have been accessed by the hackers.

Affected individuals have been offered two years of free identity protection and fraud recovery services. The incident is being investigated by the MSU Police Department in collaboration with federal law enforcement authorities.

Michigan State University representatives told Fox47News that the hackers attempted to extort the organization after gaining access to the database. It’s unclear how much money they wanted, but the university said it refused to pay up.

This is not the first time MSU has suffered a data breach. In 2012, a hacker leaked roughly 1,500 records allegedly stolen from the university’s systems and, in 2013, the organization admitted that hackers modified employee banking information using stolen credentials.

Advertisement. Scroll to continue reading.

According to, a hacker recently leaked contact information and credentials allegedly stolen from MSU. The hacker published the data in late October and the incident does not appear to be related to the November 13 breach.

Related Reading: University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack

Related Reading: Data Breach at UC Berkeley Impacts 80,000

Related Reading: Hackers Breach University of Virginia HR System

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.