Michigan State Grapples with Data Breach in Third-Party Software

keyboard with credit card and lock

Even as schools are dealing with the fallout from coronavirus, a Michigan university is facing the fallout of a cybersecurity virus too. Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site, shop.msu.edu.

Volusion, which provides online payment processing to companies, publicly reported that the personal information of some of its merchant clients was exposed last fall, when malware was inserted into its ecommerce application. An outside forensic evaluation uncovered the extent of the breach. Those affected were people who shopped on Volusion-hosted websites between Sept. 7 and Oct. 8, 2019, including one run for Michigan State.

According to university officials, the breach exposed names, phone numbers, addresses, credit card numbers, expiration dates and CVVs. In response, the institution said it would replace the payment solution with another "with stronger and more robust cybersecurity measures."

"While there was no breach to [our] networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information," noted Chief Information Officer Melissa Woo, in a statement. "We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action."

The school also provided basic guidance on how to protect themselves in the face of a breach, including using two-factor authentication with online accounts where possible, taking advantage of free credit reporting and putting a fraud alert on personal credit files, as advised by the Federal Trade Commission.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • digital network with glowing blue and red lines, featuring multiple red arrows shifting in different directions

    Report: Attackers Change Tactics as Ransomware Payoffs Decline

    Attackers are changing tactics as they collect less money from ransomware payoffs, according to a new report from Chainalysis, a blockchain analytics firm.

  • SXSW EDU

    Explore the Future of AI in Higher Ed at SXSW EDU 2025

    This March 3-6 in Austin, TX, the SXSW EDU Conference & Festival celebrates its 15th year of exploring education's most critical issues and providing a forum for creativity, innovation, and expression.

  • business leader standing confidently amid interconnected gears

    Leading Through Complexity: How Online Leaders Can Drive Digital Institutional Transformation

    Leaders charged with developing and expanding online programs at their institutions are finding themselves in increasingly complex roles, but there are a few core steps institutional leaders can take to ensure success.