Data Security

Minnesota School Knocked by Data Breach

• By Dian Schaffhauser
• 01/26/15

Metropolitan State University went public this month with the news that a hacker had broken into one of its servers containing personal information about faculty, staff and students. In a president's letter to the community, the institution said it did not "believe this server contained any financial data or credit card information"; however, several databases did contain employee Social Security numbers. The extent of the damage is unknown.

When the breach was discovered Jan. 2, the university contacted the office of the Minnesota State Colleges & Universities system, of which it is a member, as well as the IT division of the state of Minnesota. The affected server was "isolated" from the network, and law enforcement was notified.

According to a question and answer document online, Metropolitan found out about the breach when it was contacted by a "private information sharing community of trusted research and higher education partners." The service had come across a "blog posting by a computer hacker who claimed to have accessed numerous Web sites and data servers." Although the service wasn't named, the Minnesota system is a member of REN-ISAC, the Research and Education Networking Information Sharing and Analysis Center.

The university reported that it was moving its Web site to a new server as a result of the breakin. That migration was expected to cause "some disruption" of site's functionality.

The investigation is still ongoing, the institution said, and it expected to notify those whose personal information may have been stolen through mail and "other means."

"The university sincerely regrets this apparent breach and any inconvenience it may cause," said Interim President Devinder Malhotra in his letter.