Metro State data breach proves substantial

Metropolitan State University announced on Tuesday, March 14, that a December data breach led to the exposure of personal information from 160,000 current and former students.

The data breach was first announced on Jan. 16, but the extent of compromised information was unclear at the time.

School officials revealed last Tuesday that hackers obtained records of 160,000 students, including 25,000 current students.

The hackers got the students’ names in combination with other information, such as: demographic data including dates of birth, age, gender, race, ethnicity, and country of origin; personal information including the students’ home addresses, phone numbers and email addresses; academic information including the students’ GPA, transfers, grades, majors, and applications; student login ID names (known as StarID) and ID numbers; the last four digits of Social Security numbers.

School officials say that only 11,000 students’ Social Security numbers were exposed, and that all of these students will be notified via U.S. Mail.

Students with other data stolen are being notified via email and the school’s website.

Hackers obtained no financial information, the school said.

“We regret this incident and sincerely apologize to those impacted,” said Devinder Malhotra, interim president, in a statement.

“Since learning of this intrusion, our Information Technology team has disabled the vulnerability that permitted the breach and replaced the affected server. The university also completed additional security measures to minimize future security risks,” Malhotra said.

Faculty members, who were at the college between 2004 to 2009, were told by administrators in February that their Social Security numbers had been accessed by the hackers.

The school apologized to the faculty members and offered them identity protection services from an outside security vendor named Kroll.

— Patrick Larkin

Rate this article: 
No votes yet
Comment Here