Michigan State University has been hit by a widespread data breach impacting hundreds of entities who use a particular software program, potentially exposing community members’ data.
Michigan officials announced Wednesday that third-party service providers National Student Clearinghouse and Teachers Insurance and Annuity Association of America were affected by the recent MOVEit data breach. The large-scale data breach was conducted by a foreign-based ransomware group called Clop, which reportedly exploited a security flaw in the MOVEit Transfer software.
Hackers were able to compromise large numbers of MOVEit software’s customers, including federal and state agencies, financial services organizations, and numerous others. No information has been revealed about whether the hackers could access personal information.
Officials say Clop, instead of contacting the organizations that it had hacked, posted a blackmail message on the dark web where they instructed victims to contact them directly.
It has been approximated that over 500 entities and 30 million individuals in the United States have been impacted by the data breach.
“This was a global data breach that has reached over 500 entities and into the personal information of over 30 million Americans, and now it is confirmed to have crept onto campus at MSU,” said Michigan Attorney General Dana Nessel. “These kinds of attacks are becoming more common and wider-reaching, and the broad community of MSU students, staff, and retirees should take very seriously any indication that their data was stolen. Any Michigan resident who believes their information might have been compromised or that they are the victims of identity theft can contact the consumer protection team in my office.”
Nessel has encouraged Michigan consumers to protect their information -- click here for ways to do that.
MSU information technology and security experts recommend employees, students, and the public take the following actions to best protect themselves during a breach:
- Be aware of the possibility of phishing emails.
- Create effective passwords.
- Use multifactor authentication on devices and accounts whenever possible (this is already required for most MSU logins).
- Do not maintain data and files that are not needed.
- Pull a free credit report annually. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting the Annual Credit Report website or by calling toll-free 877-322-8228.
To file a complaint with the Attorney General, or get additional information, fill out on online complaint form here, or contact:
Consumer Protection Team
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388