Michigan State Grapples with Data Breach in Third-Party Software

keyboard with credit card and lock

Even as schools are dealing with the fallout from coronavirus, a Michigan university is facing the fallout of a cybersecurity virus too. Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site, shop.msu.edu.

Volusion, which provides online payment processing to companies, publicly reported that the personal information of some of its merchant clients was exposed last fall, when malware was inserted into its ecommerce application. An outside forensic evaluation uncovered the extent of the breach. Those affected were people who shopped on Volusion-hosted websites between Sept. 7 and Oct. 8, 2019, including one run for Michigan State.

According to university officials, the breach exposed names, phone numbers, addresses, credit card numbers, expiration dates and CVVs. In response, the institution said it would replace the payment solution with another "with stronger and more robust cybersecurity measures."

"While there was no breach to [our] networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information," noted Chief Information Officer Melissa Woo, in a statement. "We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action."

The school also provided basic guidance on how to protect themselves in the face of a breach, including using two-factor authentication with online accounts where possible, taking advantage of free credit reporting and putting a fraud alert on personal credit files, as advised by the Federal Trade Commission.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • cloud, database stack, computer screen, binary code, and flowcharts interconnected by lines and arrows

    Salesforce to Acquire Data Management Firm Informatica

    Salesforce has announced plans to acquire data management company Informatica for $8 billion. The deal is aimed at strengthening Salesforce's AI foundation and expanding its enterprise data capabilities.

  • Abstract AI circuit board pattern

    New Nonprofit to Work Toward Safer, Truthful AI

    Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a new nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.