2,600 credit card numbers compromised at MSU

Local News

EAST LANSING, Mich. (WLNS) – Malicious code on a Michigan State University website exposed information such as names, addresses, and credit card numbers for about 2,600 people.

MSU says no social security numbers were compromised and they are working with law enforcement in the investigation.

An unauthorized party gained access to MSU’s online store to expose shoppers’ credit card numbers between October 19th, 2019 and June 26, 2020.

The intrusion was a result of a vulnerability in the website which has since been addressed, according to a press release from MSU.

“We are deeply sorry and understand the concern of those affected,” MSU Interim Chief Information Security Officer Daniel Ayala said. “We are working around the clock to make it right.”

The university is notifying potentially affected individuals of the breach today and offering free credit monitoring as well as identity protection.

The university’s information security team reminds everyone to protect themselves when shopping online including being aware of phishing emails, creating effective passwords, using two-factor password authentication whenever possible, and deleting files when you are done using them.

“MSU has invested heavily in information security and will continue to do so,” Ayala said.

Additionally, administrators of the affected website will be required to undergo advanced training to ensure they are following all appropriate security measures.

Consumers who think they may have been impacted by this incident and do not receive an official notice from MSU by August 30 are encouraged to call the university at (517) 355 – 1855.

Copyright 2021 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Michigan Headlines

More Michigan

StormTracker 6 Radar