Table of Contents
University of Michigan Data Breach
The University of Michigan recently faced an unfortunate data breach. In this cyberattack, the hackers successfully gained unauthorized access to the university's campus computer network. The data breach incident occurred between August 23 and 27, giving the hackers a window to potentially access a broad depth of classified information.
Unauthorized Access and System Disruption
The university detected suspicious activity on their network in August, which led them to isolate the entire campus internet to minimize further damage. Despite these efforts, the unauthorized access led to system disruptions and temporary internet outages. Unauthorized access to university servers continued from August 23 till August 27.
Access to Personal Information
Alarmingly, the breach resulted in the exposure of personal information belonging to a variety of stakeholders linked to the university. Students, applicants, and alumni had their personal details such as their names, social security numbers and potentially their driver's license details exposed. Similarly, donors and employees also had the same kind of information accessed. But, the breach did not stop there. The information related to contractors, research study participants, and patients at the University Health Service and School of Dentistry was also breached and could potentially compromise their medical history and personal records.
The extent of the data breach that the University of Michigan experienced was significant with several varied types of information exposed.
Personal Identification Information
Among the data accessed were the individual's names, making it easy to identify those affected. However, the type of information accessed did not stop at just names. More concerning was the unauthorized access to Social Security numbers and driver's license numbers. This type of information poses a real risk as it could potentially lead to instances of identity theft.
Financial Information Exposed
Further, the hackers managed to gain unauthorized access to financial information as well. They obtained details such as financial account numbers and payment card details, putting those affected at risk of financial fraud.
Health Information Breached
Lastly, the hackers also managed to access health information. Patients of the University Health Service and School of Dentistry, and even participants in research studies, had their health information, like medical record numbers, diagnosis, treatment, and medication history, potentially compromised. This type of information, falling into unfriendly hands, could lead to the violation of an individual's personal medical privacy.
Response to the Breach
The University of Michigan took several immediate and strategic steps in response to the data breach. These measures were necessary to secure the network, minimize the damage, and ensure support for those affected.
Disconnection of the Campus Network from the Internet
One of the initial responses by the university, upon detecting suspicious activities, was the disconnection of the entire campus network from the internet. This isolation was done to halt any further unauthorized access and thus limit the potential scope of the impact.
Informing Law Enforcement
In an effort to secure their network and hunt down the culprits, the university promptly involved law enforcement. They not only reported the breach but also engaged them for further investigation into the incident.
Notification Letters to the Impacted Individuals
It was also imperative to inform those impacted by the incident. To this end, the university took the responsibility to notify all individuals whose information was exposed during the breach. These notification letters were crucial in alerting the affected individuals about the potential risk to their data, thus making them aware and alert.
Offering Complimentary Credit Monitoring Services
Understanding the potential risk for financial fraud due to exposure of sensitive financial information, the university stepped up to offer complimentary credit monitoring services to the individuals concerned. This offer, made out of an abundance of caution, was designed to help those affected keep a track of their financial accounts, and be alerted in case of any suspicious activity.