MSU says data breach of third party vendor impacts hundreds
Michigan State University said it has been informed by E-commerce vendor Volusion, which provides online payment processing to thousands across the country, of a nationwide data breach.
The university said it was informed that the data breach "impacted less than 300 customers who processed credit card payments for good through shop.msu.edu between Sept. 7, 2019 and Oct. 8, 2019."
“While there was no breach to Michigan State University’s networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information,” said MSU Chief Information Officer Melissa Woo. “We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action.”
Volusion said it informed the FBI once it learned about the breach and began an investigation to determine the impact, including identifying information exposed and the number of consumers affected, according to a news release.
Volusion informed MSU that the compromised information does include names, phone numbers, addresses, credit card numbers, CVVs and expiration dates for those cards. It said social security numbers were not exposed.
Woo said the university is currently working to identify an alternative third-party payment solution for its online store.
MSU IT experts provided the following information to help consumers protect themselves during a breach:
-Use two-factor authentication on your online accounts whenever possible
-Determine what personal information was exposed
-Pull a free credit report. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting
or calling toll-free 877- 322-8228
-Put a fraud alert on your credit file with the Federal Trade Commission; and
-Contact your financial institution to inform them that your credit card may have been compromised.