University of Minnesota reports possible breach of "sensitive data"
MINNEAPOLIS -- The University of Minnesota confirms that it has notified state and federal agencies of a potentially significant data breach.
Few details were immediately available, but U officials say that they "became aware that an unauthorized party claimed to possess sensitive data allegedly taken from the University's systems" late last month.
The university said that, as soon as the claim was discovered on July 21, they launched an investigation.
A hacker claims to have broken into a U database containing seven million Social Security numbers. That data supposedly goes back to the late 80s.
RELATED: How hackers gained access to Minnesota Department of Education data
"The preliminary assessment is that the data at issue is from 2021 and earlier," spokesperson Jake Ricker said. "Alongside experts, the University has taken steps since 2021 to bolster its overall system security through actions such as enhancing multi-factor authentication capabilities and increasing the frequency of monitoring activities."
Ricker said that the university will work to notify anyone whose information may have been compromised.
"The safety and privacy of all members of the University community are among the University's top priorities. The University investigates these situations immediately and fully, and will keep the community informed as additional, relevant information becomes available," Ricker said.
There were already concerns among some U students about their physical safety on campus, and now this. Jacob Cave is a rising senior from Rosemount.
"I got my home address, which puts my family in danger, potentially, along with all my transcripts for school, what I've been taking, what I'm looking to pursue," Cave said. "There's only downside to having your information leak."
Earlier this year, a massive cybersecurity breach exposed the data of government agencies and millions of Americans. The Minnesota Department of Education says it was one of the victims of the hack.
The breach at the MDE happened just three months after a leak rocked Minneapolis Public Schools.
State officials report that more than 1,000 security incidents last year hit schools, universities and governments. Given all those numbers, and those are the entities who report those breaches, it might be easy to throw up your hands and wonder if anyone has adequate IT departments. According to experts, that's not the story.
Companies, governments and school districts all do the best they can, but there are vulnerabilities in personal responsibility. State investigators say the leading causes behind security events include compromised passwords, policy violations and malware from bad emails.
"In this case, as well as in the [Minneapolis Public Schools] case, their cyber security issues really have nothing to do with cybersecurity. They have to do with mistakes that people make," said Mark Lanterman, chief technology officer of Computer Forensic Services.
A U spokesperson said they aren't prepared to comment on the size of the alleged data breach, but they're working with law enforcement in the investigation.
