Michigan State sent out an email to just under 350 people yesterday notifying them that Title IX case files from Michigan State were a part of a data breach of Bricker and Eckler Law Firm, which assisted in Michigan State’s Title IX investigations, Michigan State’s Title IX Communications Manager Christian Chapman said.
Bricker and Eckler is an Ohio law firm that is the parent company of INCompliance Consulting, which was hired by the University to assist in Title IX investigations and hearings.
Chapman said that because of the investigations into Larry Nassar's abuse, the university was required to work with external investigators to help process cases that were working for policy violations, which could include cases surrounding relationship violence and sexual misconduct as well as anti-discrimination policies.
"INCompliance is the entity that we work with on some of those external investigations," Chapman said. "Bricker and Eckler is their parent company or law firm, so to speak.”
Bricker and Eckler underwent a ransomware attack between Jan. 14 and Jan. 31, which leaked personal information from its clients, including information from INCompliance Title IX investigations that they were a part of at Michigan State.
“So just to be completely clear, none of the MSU systems were accessed,” Chapman said. “It was just the Bricker and Eckler systems and the cases that they handled from MSU. So a small subset. It was less than 350 people affected. And the type of information were case files.”
She said that only six people in Michigan State investigations had personal information leaked in the breach.
According to a statement on Bricker and Eckler’s website, they have retrieved the information from the attack and are working to delete all data in the leak. They said they do not believe that the information was copied or retained and has notified all people who were impacted by the leak.
Chapman said that none of Michigan State’s systems or resources have been affected by the leak and will continue to operate as usual.
“Our systems are secure and have not been impacted,” said Chapman. “And it will not impact any cases that are happening on MSU's end.”
Chapman said that they will have a list of confidential resources available to anyone that was impacted by the breach and will answer any further questions about the incident that are submitted to the Office for Civil Rights and Title IX Education and Compliance mailbox.
Confidential Resources at MSU:
Share and discuss “Michigan State Title IX case files leaked in consulting data breach” on social media.