Hackers attempted to extort Michigan State University after gaining access to a database containing 400,000 student and employee records. The organization believes that only a few hundred records have actually been stolen by the attackers.
MSU reported on Friday that an unauthorized party breached one of its servers on November 13. The attacker accessed a database containing 400,000 records, including names, social security numbers, MSU identification numbers and dates of birth of current and former students and employees.
The exposed information dates as far back as 1970. MSU pointed out that passwords, contact details and financial information were not stored in the affected database.
The university said it took the affected database offline within 24 hours after discovering the breach and it determined that only 449 of the records have been accessed by the hackers.
Affected individuals have been offered two years of free identity protection and fraud recovery services. The incident is being investigated by the MSU Police Department in collaboration with federal law enforcement authorities.
Michigan State University representatives told Fox47News that the hackers attempted to extort the organization after gaining access to the database. It’s unclear how much money they wanted, but the university said it refused to pay up.
This is not the first time MSU has suffered a data breach. In 2012, a hacker leaked roughly 1,500 records allegedly stolen from the university’s systems and, in 2013, the organization admitted that hackers modified employee banking information using stolen credentials.
According to DataBreaches.net, a hacker recently leaked contact information and credentials allegedly stolen from MSU. The hacker published the data in late October and the incident does not appear to be related to the November 13 breach.
Related Reading: University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack
Related Reading: Data Breach at UC Berkeley Impacts 80,000
Related Reading: Hackers Breach University of Virginia HR System
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
