Sunday, September 20, 2020

MSU online store hacked, 2,600 customers affected

August 11, 2020
<p>Computer science and engineering freshman, Nikit Parakh, works in a computer lab in the Engineering Building on Jan. 23, 2020.</p>

Computer science and engineering freshman, Nikit Parakh, works in a computer lab in the Engineering Building on Jan. 23, 2020.

Photo by Alyte Katilius | The State News

Hackers gained access to the information of about 2,600 customers who shopped at Michigan State's online store, according to a statement from MSU officials.

MSU Interim Chief Information Security Officer Daniel Ayala said officials' top priority is preventing any further exposure of customer information, according to the statement.

“The security of our IT systems and those who use them are of paramount importance to MSU," Ayala said. "We are deeply sorry and understand the concern of those affected. We are working around the clock to make it right."

The information accessed included names, addresses and credit cards of customers between Oct. 19, 2019, and June 26, 2020. However, the statement explained no Social Security numbers were compromised.

Hackers were able to gain access to customer information due to a vulnerability in the website, according to the statement. The vulnerability has been addressed and MSU officials are working with law enforcement to complete the investigation.

MSU Police Department Captain Chris Rozman said the department has been notified of the breach and are taking proper steps to address it.

"I can confirm that the MSU Police Department was made aware of the data security incident involving a third-party vendor that MSU utilizes for payment information. We promptly forwarded the information to our federal law enforcement partners who are better positioned to investigative this type of cyber-enabled crime." Rozman said in an email.

MSU officials notified those affected by the breach today, offering free credit monitoring and identity protection, as well as advice to further protect their information.

Administrators of MSU's online store will undergo advanced training to ensure all security measures are met in the future, the statement said.

As for consumers, the statement recommends deleting files and data when done, creating effective passwords and being aware of phishing emails.

Those who believe they may have been affected by the breach and have not received notification from the university by Aug. 30, are encouraged to call 517-355-1855.

Editor's Note: This story was updated to include a comment from MSUPD Captain Chris Rozman.

Discussion

Share and discuss “MSU online store hacked, 2,600 customers affected” on social media.