Michigan State University data breach linked to global ransomware attack

Mike Ellis, Lansing State Journal

August 10, 2023 at 10:09 AM·4 min read

Oops!
Something went wrong.
Please try again later.

EAST LANSING — A data breach linked to Michigan State University vendors was part of a global ransomware attack that may have affected 30 million Americans, according to a Wednesday statement from the state's Attorney General's Office.

"This was a global data breach that has reached over 500 entities and into the personal information of over 30 million Americans, and now it is confirmed to have crept onto campus at MSU," Attorney General Dana Nessel said in a statement. "These kinds of attacks are becoming more common and wider reaching, and the broad community of MSU students, staff and retirees should take very seriously any indication that their data was stolen. Any Michigan resident who believes their information might have been compromised or that they are the victims of identity theft can contact the consumer protection team in my office."

The data breach for MSU is linked to National Student Clearinghouse and the Teachers Insurance and Annuity Association of America. Those are two large vendors used by many other universities.

The data was exposed by a foreign-based ransomware group known as Clop that exploited a security flaw in the MOVEit Transfer software, according to the Michigan Attorney General Dana Nessel's office.

The organizations, such as MSU or its vendors, were not directly contacted but blackmail demands were posted instructing victims to contact the data thieves, according to the statement.

Michigan State University previously disclosed the breach in a notice to students and others. It is not clear how many people linked to MSU had their data exposed.

The overarching data breach has been public for several months. In July, the U.S. Cybersecurity and Infrastructure Security said it was providing support to various federal agencies "that have experienced intrusions," Eric Goldstein, executive assistant director for cybersecurity, said in a release.

Goldstein said the intrusions affected the agency's MOVEit file transfer software, which encrypts files and uses secure File Transfer Protocols (FTPs), automation and analysis to transfer large volumes of data.

Michigan residents have been exposed to several major data breaches recently, including more than 757,000 people exposed through Lansing Community College, 168,215 people through a recent Henry Ford Health data breach, 156,713 people exposed at Hope College and at Flagstar Bank, based in Troy, which is dealing with a late 2021 data breach that affected more than 1.4 million people, according to regulators.

Data breaches are on track to break records nationally and internationally this year too, said James Lee, the chief operating officer of Identity Theft Resource Center.

The MOVEit data breach is still unfolding with new victims being discovered, he said.

"We’ve been tracking data breaches since 2005," Lee said. "This year, unless by some miracle all data breaches stop, we will set an all-time high. We're already 85% of the way to the current high record number so the question is not if, but when and how far will we exceed it."

Here are some tips from MSU spokesman Mark Bullion to help protect yourself from data breaches:

Be aware of the possibility of phishing emails. There are a wide variety of ways that a hacker can use something authentic looking to trick you. Some clues include giving you a sense of urgency, misspellings or emails that aren't quite right (like a "1" instead of a lower case "l").
Create effective passwords. Don't use the same password or a simple variation of the same one. Change passwords regularly. Avoid using your name, letter replacements (an asterick instead of an "o") or common sequences (like asdfg or 12345). Try instead using passphrases, which are short sentences integrated with numbers and special characters instead of a one- or two-word password.
Use multifactor authentication on devices and accounts when possible. Most of MSU's logins require this, Bullion said.
Do not maintain data or files that are no longer needed.
Get a free credit report annually, those can be gotten by visiting annualcreditreport.com or by calling 877-322-8228.

Businesses should invest in cybersecurity and take steps to regularly monitor commercial credit reports, bank records and state regulatory filings as well as take other steps to make sure imposters aren't stealing information, said Daniel Wimmer, a spokesperson for Michigan Attorney General Dana Nessel.

Contact Mike Ellis at mellis@lsj.com or 517-267-0415

This article originally appeared on Lansing State Journal: Michigan State data breach linked to global ransomware attack

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Report: Suns fire head coach Frank Vogel after 1st-round playoff sweep, eyeing Mike Budenholzer as replacement
Frank Vogel's out after one season in Phoenix failed to produce a playoff win.
Yahoo Sports
Six quarterback situations to worry about & three that are on the precipice | Zero Blitz
Jason Fitz, Charles Robinson and Frank Schwab talk about which quarterback rooms concern them and which they find interesting heading into the 2024 NFL season.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Fantasy Baseball Weekend Preview: Get ready for some offense
Fantasy baseball analyst Fred Zinkie offers up his blueprint for conquering the final days of Week 6.
Yahoo Sports
What's wrong with the Denver Nuggets? | Devine Intervention
Dan Devine and Adam Mares discuss the Denver Nuggets and Minnesota Timberwolves after Monday night’s game 2.
Yahoo Finance
Recession-proof stocks are leading the market's latest leg higher
The Utilities and Consumer Staples sectors have popped since mid-April as investors search for value.
TechCrunch
Nintendo finally confirms the Switch 2 is on the way
In the most anticlimactic way possible, Nintendo on Tuesday confirmed years of rumors: The Nintendo Switch 2 console is on the way. "We will make an announcement about the successor to Nintendo Switch within this fiscal year," wrote Shuntaro Furukawa, the president of Nintendo, on X. Rather, Furukawa wanted to warn users not to expect the actual announcement in next month's Nintendo Direct livestream.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Michigan State University data breach linked to global ransomware attack

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Former NBA guard Darius Morris dies at 33

Report: Suns fire head coach Frank Vogel after 1st-round playoff sweep, eyeing Mike Budenholzer as replacement

Six quarterback situations to worry about & three that are on the precipice | Zero Blitz

2024 Fantasy Football Mock Draft, 1.0

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Fantasy Baseball Weekend Preview: Get ready for some offense

What's wrong with the Denver Nuggets? | Devine Intervention

Recession-proof stocks are leading the market's latest leg higher

Nintendo finally confirms the Switch 2 is on the way

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

The best budgeting apps for 2024