Computer hackers have managed to hack the database servers of the Michigan State University and attempted to extort the institution.
Michigan State University Extorted By Computer Criminals
Computer criminals have managed to successfully hack into the servers that power the Michigan State University (MSU) and have breached their database severs. According to the security reports this has resulted in the harvesting of around 400 000 student and employee records. The hackers then tried to monetize their efforts by extorting the academic institution.
The university reported the data breach on November 13 when several unauthorized users were able to access the server. The official press release to the public reads the following:
Michigan State University has confirmed that on Nov. 13 an unauthorized party gained access to a university server containing certain sensitive data.
The database, which contained about 400,000 records, included names, social security numbers and MSU identification numbers of some current and former students and employees. It did not contain passwords or financial, academic, contact or health information.
The report states that only about 449 records were confirmed to have been accessed. There is no concrete evidence that the hackers were able to retrieve other records. However the university offers all individuals free credit monitoring to ensure that their finances are not manipulated. The 400 000 individuals include faculty, staff and students who were employed by MSU between 1940 and November 13 2016. The other group of affected users include enrolled students between 1991 and 2016.
The law enforcement agencies advice and encourage all current and former students and employees to be very vigilant for any potential incidents related to fraud and identity theft. Representatives from MSU reported that the hackers attempted to extort the institution after the breach.
This is the second breach that occurred at the Michigan State University this year. The last reported incident was in October.
Mys7erioN which is the alias which the hacker uses published on Pastebin information about the database as well as its contents. This includes the following information entries – names, account credentials, phone numbers, emails and their encrypted passwords.
Other hacks were made in 2012 when a hacker leaked 1500 records from the university. In 2013 another criminal was able to modify banking information of MSU employees using stolen credentials.
For more information you can read MSU’s public statement here.