Michigan State Grapples with Data Breach in Third-Party Software

keyboard with credit card and lock

Even as schools are dealing with the fallout from coronavirus, a Michigan university is facing the fallout of a cybersecurity virus too. Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site, shop.msu.edu.

Volusion, which provides online payment processing to companies, publicly reported that the personal information of some of its merchant clients was exposed last fall, when malware was inserted into its ecommerce application. An outside forensic evaluation uncovered the extent of the breach. Those affected were people who shopped on Volusion-hosted websites between Sept. 7 and Oct. 8, 2019, including one run for Michigan State.

According to university officials, the breach exposed names, phone numbers, addresses, credit card numbers, expiration dates and CVVs. In response, the institution said it would replace the payment solution with another "with stronger and more robust cybersecurity measures."

"While there was no breach to [our] networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information," noted Chief Information Officer Melissa Woo, in a statement. "We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action."

The school also provided basic guidance on how to protect themselves in the face of a breach, including using two-factor authentication with online accounts where possible, taking advantage of free credit reporting and putting a fraud alert on personal credit files, as advised by the Federal Trade Commission.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • glowing digital brain above a chessboard with data charts and flowcharts

    Why AI Strategy Matters (and Why Not Having One Is Risky)

    If your institution hasn't started developing an AI strategy, you are likely putting yourself and your stakeholders at risk, particularly when it comes to ethical use, responsible pedagogical and data practices, and innovative exploration.

  • laptop screen with a video play icon, surrounded by parts of notebooks, pens, and a water bottle on a student desk

    New AI Tool Generates Video Explanations Based on Course Materials

    AI-powered studying and learning platform Studyfetch has launched Imagine Explainers, a new video creator that utilizes artificial intelligence to generate 10- to 60-minute explainer videos for any topic.

  • cloud and circuit patterns with AI stamp

    Cloud Management Startup Launches Infrastructure Intelligence Tool

    A new AI-powered infrastructure intelligence tool from cloud management startup env0 aims to turn the fog of sprawling, enterprise-scale deployments into crisp, queryable insight, minus the spreadsheets, scripts, and late-night Slack threads.

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.