Michigan State University has announced on Friday that a university server and a database containing information on some 400,000 faculty, staff and students has been accessed by a unauthorised third party.
The database contains names, social security numbers, MSU identification numbers, and in some cases, date of birth of faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016, and students who attended MSU between 1991 and 2016.
“MSU’s Information Technology team rapidly determined the cause and nature of the breach, and the MSU Police Department is working diligently with federal law enforcement partners to investigate the crime,” the university said.
The database in question was taken offline in less than 24 hours after it was breached by the attacker, but not quickly enough to prevent him or her to access records of 449 individuals.
The university has already notified affected parties, and has offered them two years of identity theft protection, fraud recovery, and credit monitoring services, for free.
They also made sure to note that the database did not contain passwords, financial, academic, contact, gift or health information.
The breach happened on November 13.
Michigan State University spokesman Jason Cody told News 10 that the hacker(s) demanded money for the stolen information, but that the university did not pay.