MSU just confirmed unauthorized access to online store
EAST LANSING, Mich. (WILX) - Michigan State University’s online store, shop.msu.edu, was accessed by an unauthorized user who placed malicious code on exposed shoppers’ credit cards, according to the university.
They say the hack took place between Oct. 19, 2019 and June 26, 2020.
The intrusion was possible because of a vulnerability in the website which has since been addressed. University officials said that once they became aware of the breach, the their information security team promptly corrected the vulnerability. No Social Security numbers were compromised and MSU is currently working with law enforcement in the investigation.
“Our top priority is preventing any further exposure of consumers’ information by sharing resources and tools to help protect them from these cyber criminals,” MSU Interim Chief Information Security Officer Daniel Ayala said. “The security of our IT systems and those who use them are of paramount importance to MSU. We are deeply sorry and understand the concern of those affected. We are working around the clock to make it right.”
The university has begunn notifying all potentially affected individuals of the breach today.
“MSU has invested heavily in information security and will continue to do so,” Ayala said. “But investment alone is not enough. We must also continue to educate our campus employees and our broader community. We are recommitting ourselves to that important work, which is critical to protecting all those who use our systems in today’s highly technological society.”
Administrators of the affected website will be required to undergo advanced training to ensure they are adhering to all appropriate security measures.
If consumers believe they may have been impacted by this incident and have not received an official notice from the university by Aug. 30, they are encouraged to call the university at 517-355-1855.
Copyright 2020 WILX. All rights reserved.