Cyberattack steals student and personnel data from the University of Michigan
In a statement released today, the University of Michigan stated that they experienced a data breach as a result of hackers breaking into their network in August and accessing systems that contained data of applicants, employees, patients, donors, and participants in research studies.
According to the university, unauthorized access to the servers occurred from August 23 to August 27. Personal, financial, and medical information was among the data that was exposed.
An attack in August
Starting with the statement, "This notice is to inform you about an incident that involved unauthorized access to personal information maintained by the University of Michigan," the university provides an update on data incidents.
In an effort to lessen the effects, the University of Michigan disconnected its whole campus network from the internet in August after discovering suspicious behavior.
The University believes that after a thorough investigation by "a dedicated review team," the threat actor also obtained financial and medical data in addition to personally identifiable information like a person's name.
For applicants, employees, contractors, donors, alumni, and donors, the educational organization reports that the following information was made public:
- Number for Social Security
- driver's license or other identity document provided by the government
- bank account or credit card number
- health-related data
Patients of the University Health Service and School of Dentistry, as well as research study participants' data, might also have been affected:
- demographic data (such as a driver's license, Social Security number, or ID number issued by the government)
- financial data (such as account numbers, credit card numbers, and health insurance details)
- Clinical data from the University Health Service and the School of Dentistry (e.g., medical record number, diagnosis, treatment, or medication history)
- details about taking part in certain research projects
Everyone whose data was compromised in the hack has been made aware of the event. It could take up to five days for the letters to arrive at their destination; they were mailed today.
"We are providing free credit monitoring services to anyone whose sensitive information may have been involved in this incident out of an abundance of caution." - Michigan University
After a week or so, the University of Michigan discovered the attack and quickly made the accounts on its computer systems reset to new passwords.
With around 51,000 students and over 30,000 academic and administrative staff members, the university is among the biggest and oldest in the country.
Source: Bleeping Computer
