[BreachExchange] MSU says data breach of third party vendor impacts hundreds

Destry Winant destry at riskbasedsecurity.com
Thu Apr 23 10:17:10 EDT 2020


EAST LANSING, MI (WILX) -- Michigan State University said it has been
informed by E-commerce vendor Volusion, which provides online payment
processing to thousands across the country, of a nationwide data

The university said it was informed that the data breach "impacted
less than 300 customers who processed credit card payments for good
through shop.msu.edu between Sept. 7, 2019 and Oct. 8, 2019."

“While there was no breach to Michigan State University’s networks or
systems, this breach of a third-party vendor is concerning and compels
us to do what we can to help those impacted by sharing this important
information,” said MSU Chief Information Officer Melissa Woo. “We know
that the best tool in protecting yourself from identity theft and
preserving your personal information is accurate information and swift

Volusion said it informed the FBI once it learned about the breach and
began an investigation to determine the impact, including identifying
information exposed and the number of consumers affected, according to
a news release.

Volusion informed MSU that the compromised information does include
names, phone numbers, addresses, credit card numbers, CVVs and
expiration dates for those cards. It said social security numbers were
not exposed.

Woo said the university is currently working to identify an
alternative third-party payment solution for its online store.

MSU IT experts provided the following information to help consumers
protect themselves during a breach:

-Use two-factor authentication on your online accounts whenever possible
-Determine what personal information was exposed
-Pull a free credit report. You may obtain a free copy of your credit
report from each of the three major credit reporting agencies once
every 12 months by visiting www.annualcreditreport.com or calling
toll-free 877- 322-8228
-Put a fraud alert on your credit file with the Federal Trade Commission; and
-Contact your financial institution to inform them that your credit
card may have been compromised.

More information about the BreachExchange mailing list