Crooks hacked the Michigan State University breaching into a database containing 400,000 student and employee records, then tried to monetize the efforts attempted to extort the organization.
Michigan State University reported the data breach occurred on November 13 when an unauthorized party accessed into a server of the organization.
“Michigan State University has confirmed that on Nov. 13 an unauthorized party gained access to a university server containing certain sensitive data.
The database, which contained about 400,000 records, included names, social security numbers and MSU identification numbers of some current and former students and employees. It did not contain passwords or financial, academic, contact or health information.” reported the Michigan State University.
Of those records, 449 were confirmed to be accessed by the unauthorized party. The affected database was taken offline within 24 hours of the unauthorized access.”
The records accessed by the hackers contain personal information of current and former students and employees, including names, social security numbers, MSU identification numbers, and dates of birth.
The MSU Police Department confirmed that is investigating the case with federal law enforcement authorities.
The database includes information as far back as 1970, the Michigan State University highlighted that passwords, financial information, and contact details were not included in the archive.
The university said it took the affected database offline within 24 hours after discovering the breach and it determined that only 449 of the records have been accessed by the hackers.
“At Michigan State University, we are committed to data and privacy protection. Regrettably, we were recently the target of a criminal act in which unauthorized users gained access to our computer and data systems. Information security is a top priority of our university, and we know the frustration this is causing members of our community.” said President Lou Anna K. Simon. “Only 449 records were confirmed to be accessed within the larger database to which unauthorized individuals gained access. However, as a precaution, we will provide credit monitoring and ID theft services for any member of our community who may have been impacted by this criminal act. We also will continue to work diligently in our efforts to protect the integrity of our data systems and improve the security of information that is entrusted to us.”
Representatives from the University told Fox47News that the hackers attempted to extort the organization after breached in their database.
This is the second time that the Michigan State University was hacked this year.
In October, the hacker Mys7erioN told me to have hacked into the Michigan State University.
As proof of the hack, Mys7erioN published on Pastebin the records of the table containing user data, including ‘user,’ including names, logins, phone numbers, emails published and encrypted passwords.
Mys7erioN was scanning some websites when discovered an SQL injection vulnerability.
In 2012, a hacker leaked 1,500 records from the University and in 2013, the University confirmed that hackers modified employee banking information using stolen credentials.
(Security Affairs – Michigan State University, data breach)