UPDATE: MSU spokesman says hack was an extortion attempt

By  | 

EAST LANSING, Mich. (WILX) -- UPDATE 11 p.m. 11/18/16
Michigan State University said in a statement that it will notify everyone who might have been affected by a breach of a database containing personal information about 400,000 current and former students and staff.

Many students say they had not even heard of the breach Friday evening. "I had heard absolutely nothing about this data breach until you just told me, so that's kind of spooky," freshman Emma Ward said in an interview. She says she's worried about her information now that she has heard about the hack.

"I'm just very worried about what the university's doing about that, but I also trust them, I feel like they will definitely take actions to help everyone out and make sure everything's as safe as possible," Ward said.

"I don't think it's the university's fault because they got hacked, people get hacked all the time, but I'd be a little upset," freshman Danielle Coluccy said of the possibility that her information could have been affected. She says that since MSU says only 449 records were accessed of the more than 400,000 in the database, she is hopeful that her information is safe.

Michigan State University spokesman Jason Cody tells News 10 that the hacker or hackers asked the university for money.

Cody did not say how much money the hacker or hackers asked for, but did say that MSU did not pay it.


Michigan State University has confirmed that on November 13, there was a data breach by an unauthorized party of a university server that contained sensitive data.

The database, which contained about 400,000 records, included names, social security numbers and MSU identification numbers of some current and former students and employees. It did not contain passwords or financial, academic, contact or health information.

Only 449 records have been confirmed to have been accessed by the unauthorized party. The database affected by the breach was taken offline within 24 hours of the unauthorized access. MSU says their IT team quickly found the cause of the breach, and the MSU Police Department is working with federal law enforcement agencies to investigate.

MSU says there is no evidence that the breach affected any other records, but they are reaching out directly to all the people who may be affected by the breach to offer free credit monitoring.

MSU President Lou Anna K. Simon posted a message on the university's data security web page, saying “At Michigan State University, we are committed to data and privacy protection. Regrettably, we were recently the target of a criminal act in which unauthorized users gained access to our computer and data systems. Information security is a top priority of our university, and we know the frustration this is causing members of our community.

We have a deep sense of obligation to our MSU family, and we are taking aggressive action to protect any personal information that may have been compromised. Only 449 records were confirmed to be accessed within the larger database to which unauthorized individuals gained access. However, as a precaution, we will provide credit monitoring and ID theft services for any member of our community who may have been impacted by this criminal act. We also will continue to work diligently in our efforts to protect the integrity of our data systems and improve the security of information that is entrusted to us.”

The 400,000 records that were on the server include faculty, staff, and students who were employed by MSU between 1970 and Nov. 13, 2016, or were students between 1991 and 2016.

MSU Police are asking any current and former students and employees to watch their personal and financial information for potential fraud or incidents of identity theft. They ask anyone who notices suspicious or unauthorized activity to police immediately, referencing MSU Police incident report 1658103881.

MSU says they are working with national experts to improve campus security, and IT officials are also speeding up plans to implement MSU's plan for increased security.

Questions about the data breach should be directed to https://www.msu.edu/datasecurity or toll free at 1-855-231-9331.

Comments are posted from viewers like you and do not always reflect the views of this station. powered by Disqus