MSU Data Breach: Over 30 Million Americans Affected by MOVEit Ransomware Attack
Michigan State University (MSU) recently announced that third-party service providers, National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA), were victims of a data breach caused by the MOVEit ransomware attack. This attack has potentially exposed the personal data of members within the MSU community.
The data breach, conducted by a foreign-based ransomware group called Clop, took advantage of a security flaw in the MOVEit Transfer software. As a result, numerous customers of MOVEit software, including federal and state agencies, financial services organizations, and others, have been compromised.
It remains unclear whether the hackers were able to access personal information during the breach. Instead of contacting the hacked organizations directly, Clop posted a blackmail message on the dark web, instructing the victims to reach out.
Approximately 500 entities and over 30 million individuals in the United States have been affected by this extensive data breach, which has now extended to the MSU campus. Michigan Attorney General Dana Nessel emphasized the severity of the situation, stating that these types of attacks are becoming increasingly common and widespread.
To address the breach, Nessel urges individuals who believe their information may have been compromised or who suspect identity theft to contact the consumer protection team in her office. In addition, MSU’s information technology and security experts recommend several protective measures for employees, students, and the public. These include being vigilant against phishing emails, creating strong passwords, using multifactor authentication, minimizing unnecessary data and file retention, and pulling a free credit report annually.
For individuals seeking assistance or more information, they can contact the Consumer Protection Team by mail, phone, or online complaint form.
As this data breach continues to impact millions across the nation, it is crucial for everyone to take necessary precautions to safeguard their personal information. Maintaining awareness, employing best practices for online security, and promptly reporting any suspicious activity can help mitigate the risk of identity theft and other cyber crimes.
