Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

400,000 Records Exposed in Michigan State University Breach

Hackers attempted to extort Michigan State University after gaining access to a database containing 400,000 student and employee records. The organization believes that only a few hundred records have actually been stolen by the attackers.

Hackers attempted to extort Michigan State University after gaining access to a database containing 400,000 student and employee records. The organization believes that only a few hundred records have actually been stolen by the attackers.

MSU reported on Friday that an unauthorized party breached one of its servers on November 13. The attacker accessed a database containing 400,000 records, including names, social security numbers, MSU identification numbers and dates of birth of current and former students and employees.

The exposed information dates as far back as 1970. MSU pointed out that passwords, contact details and financial information were not stored in the affected database.

The university said it took the affected database offline within 24 hours after discovering the breach and it determined that only 449 of the records have been accessed by the hackers.

Affected individuals have been offered two years of free identity protection and fraud recovery services. The incident is being investigated by the MSU Police Department in collaboration with federal law enforcement authorities.

Michigan State University representatives told Fox47News that the hackers attempted to extort the organization after gaining access to the database. It’s unclear how much money they wanted, but the university said it refused to pay up.

This is not the first time MSU has suffered a data breach. In 2012, a hacker leaked roughly 1,500 records allegedly stolen from the university’s systems and, in 2013, the organization admitted that hackers modified employee banking information using stolen credentials.

According to DataBreaches.net, a hacker recently leaked contact information and credentials allegedly stolen from MSU. The hacker published the data in late October and the incident does not appear to be related to the November 13 breach.

Advertisement. Scroll to continue reading.

Related Reading: University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack

Related Reading: Data Breach at UC Berkeley Impacts 80,000

Related Reading: Hackers Breach University of Virginia HR System

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

September 24, 2019
Quantum computing and the cryptopocalypse Quantum computing and the cryptopocalypse

Data Protection

Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

February 2, 2023
Network Security Network Security

Artificial Intelligence

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

February 21, 2023
Cybersecurity Regulations Insights Cybersecurity Regulations Insights

Compliance

Cyber Insights 2023 | Regulations

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

February 2, 2023
Threat intelligence Platforms Threat intelligence Platforms

Data Protection

How Quantum Computing Will Impact Cybersecurity

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

August 30, 2023
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
Data Protection and Privacy Firm Titaniam Raises $6 Million in Seed Funding

Cybersecurity Funding

Data Protection and Privacy Firm Titaniam Raises $6 Million in Seed Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

February 10, 2022