Skip to main content

Michigan State University Announces Third Party Data Breach That Could Affect MSU Community

LANSING - Michigan State University recently announced that third-party service providers National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA) were affected by the recent MOVEit data breach, resulting in the potential exposure of MSU community members’ personal data.

It is unknown if the hackers were able to access personal information. NSC and TIAA will provide the University a list of any students or retirees whose information may have been exposed and affected individuals will be individually notified.

This large-scale data breach was conducted by a foreign-based ransomware group, known as “Clop”, who exploited a security flaw in the MOVEit Transfer software. Progress Software, which develops the MOVEit software, patched the vulnerability, but not before hackers compromised large numbers of its customers, including federal and state agencies, financial services organization, and numerous others. ‘Clop’ did not contact the organizations it had attacked, instead posting a blackmail message on the dark-web instructing victims to contact them directly.

While the exact number is still unknown, it is approximated that over 500 entities and 30 million individuals in the United States have been impacted by the data breach. MSU reports that NSC created a webpage for students to stay up to date, and that TIAA’s partner, Pension Benefit Information, LLC, created a similar site for retirees to stay informed.  

Attorney General Nessel encourages Michigan consumers to take steps to protect their information. For more information, please read the Attorney General’s Consumer Alert Data Breaches, What to do Next.

“This was a global data breach that has reached over 500 entities and into the personal information of over 30 million Americans, and now it is confirmed to have crept onto campus at MSU,” said Nessel. “These kinds of attacks are becoming more common and wider reaching, and the broad community of MSU students, staff, and retirees should take very seriously any indication that their data was stolen. Any Michigan resident who believes their information might have been compromised or that they are the victims of identity theft can contact the consumer protection team in my office.”

MSU information technology and security experts recommend employees, students and the public to take the following actions to best protect themselves during a breach:

  • Be aware of the possibility of phishing emails;  
  • Create effective passwords;  
  • Use multifactor authentication on devices and accounts whenever possible (this is already required for most MSU logins);
  • Do not maintain data and files that are not needed; and
  • Pull a free credit report annually. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting the Annual Credit Report website or by calling toll-free 877-322-8228.

To file a complaint with the Attorney General, or get additional information, contact:

Consumer Protection Team
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint form

###

Media Contact: