Hackers managed to break into a Michigan State University server, gaining access to a database that contained no less than 400,000 records and information concerning current and former students and employees.
The University confirmed that the hack took place on November 13, and revealed that the database included names, social security numbers, and MSU identification numbers of faculty, staff, and students who were employed between 1970 and November 13, 2016.
On the other hand, the University says that no passwords or financial, academic, contact, or health information was stored in the database that got hacked.
Out of the total 400,000 records, 449 were accessed by the hackers, and the University administrators managed to take down the database “with 24 hours” after detecting the breach.
“MSU’s Information Technology team rapidly determined the cause and nature of the breach, and the MSU Police Department is working diligently with federal law enforcement partners to investigate the crime,” the University says.
“There is no evidence unauthorised individuals retrieved the other records; however, as a precaution, MSU is reaching out directly to all individuals who may be affected by this criminal act to offer free credit monitoring.”
Furthermore, the University warns that following the breach, some of the students or employees whose data was included in the hacked database might become the target of fraud and identity theft, and suspicious activity should be reported to police immediately.
A previous Michigan State University hack was recorded on October 28, when Security Affairs reported that a young hacker managed to break into a database containing names, logins, phone numbers, emails published and encrypted passwords. It’s not clear if the two attacks are connected to each other in any way, but the hacker said that he used a simple SQL injection vulnerability in the server to access the database.
Update: An MSU representative contacted Softpedia to clarify that the two hacks aren’t related to each other. Story updated on November 22 to reflect this.