The University of Michigan has revealed that it fell victim to a data breach in August, as unauthorized hackers infiltrated its network and gained access to a wide range of sensitive information belonging to various groups, including students, applicants, alumni, donors, employees, patients, and research study participants.
Furthermore, this cyberattack, which lasted from August 23 to August 27, exposed personal, financial, and medical details of those affected. The breach was identified after suspicious activity was detected, leading the university to promptly isolate its campus network from the internet to limit further damage.
A subsequent analysis by a dedicated review team indicated that in addition to personal information like names, the threat actors also accessed medical and financial data. The affected groups, which encompass students, applicants, alumni, donors, employees, and contractors, had their Social Security numbers, driver’s license or government-issued ID numbers, financial account or payment card details, and health information exposed. The breach also impacted participants in research studies and patients of the University Health Service and School of Dentistry, potentially compromising their demographic data, financial information, clinical records, and information related to research participation.
The university promptly informed all individuals whose information was exposed during the breach, and letters notifying them were dispatched. As a precaution, the University of Michigan is offering complimentary credit monitoring services to those affected. The breach highlights the ongoing challenges academic institutions face in safeguarding sensitive data, and the university took swift action, including a password reset, upon discovering the intrusion. The University of Michigan is one of the oldest and largest institutions in the United States, with a substantial academic and administrative staff and a significant student body.