The University of Minnesota has recently informed law enforcement and regulatory bodies at both state and federal levels about a potentially extensive data breach that came to light a month ago. University officials confirmed this development on Tuesday. According to Jake Ricker, the university spokesperson, the breach was brought to their attention on July 21 when an unauthorized party claimed to have acquired sensitive data from the university’s systems. Despite the claim, the university did not immediately provide details about the breach’s discovery or its scale.
A report from the news site Cyber Express, dated July 21, outlined a hacker’s assertion that they had accessed around 7 million Social Security numbers from the university dating back to 1989. The breach allegedly involved the hacker delving into the university’s data warehouse to assess the impact of affirmative action following a recent U.S. Supreme Court ruling. No specific demands were mentioned in the report. Interim President Jeff Ettinger emphasized the need to verify the claims before taking action, stating that significant resources are being allocated to ascertain the extent of the breach and the individuals affected.
The university initiated an investigation and enlisted external global forensics experts to verify the legitimacy of the claims and reinforce the security of its systems. Regular communication with the FBI has been maintained, and initial findings suggest that the accessed data pertains to the year 2021 and earlier. The university has since bolstered its system security by implementing multi-factor authentication and increased monitoring. It pledged to notify those whose sensitive data might have been compromised and to safeguard against its misuse as mandated by law. Additionally, the university notified the U.S. Department of Education and the state legislative auditor in adherence to legal requirements.
While the U.S. Department of Education did not immediately release any information, Minnesota Legislative Auditor Judy Randall revealed that university officials had informed her of the breach on July 21. She has maintained consistent communication with the university’s internal auditor to understand their data protection processes and the steps they plan to take. As investigations continue, the local FBI office has yet to respond to inquiries. Ricker emphasized the university’s commitment to the safety and privacy of its community, vowing to keep everyone informed as more relevant information becomes available.