Image 01 Image 03

University of Minnesota Says Student and Worker Information May Have Been Stolen by Hackers

University of Minnesota Says Student and Worker Information May Have Been Stolen by Hackers

“The university said the data breach was not affecting its operations.”

People assume that a university has the best systems in place to prevent something like this. Apparently not.

MPR News reports:

U says hackers may have stolen decades of student, worker data

Personal information about students, potential students and employees at the University of Minnesota between 1989 and August of 2021 may have been stolen by hackers, the university acknowledged on Thursday.

U officials sent out a notice providing more information on a data breach initially reported last month. They said an investigation determined that someone likely gained unauthorized access to a university database in 2021.

Potentially breached information includes full names, addresses, birth dates and Social Security numbers, driver’s license or passport information, birth dates and other demographic information, the university said in a statement.

The U said it would post notices about the breach on its websites and email people potentially affected by the breach, if their email addresses are on file. It will send email notifications to approximately two million individuals.

“The email will come from [email protected] and will provide more detail about the steps being taken in response to this incident,” the U said in its statement on Thursday.

In the statement, the university said it’s offering those potentially affected by the data breach 12 months of free credit and identity monitoring services.

The university said the data breach was not affecting its operations.

DONATE

Donations tax deductible
to the full extent allowed by law.

Comments

Isn’t there a law about SSN only being used by the SSA?

    henrybowman in reply to MajorWood. | September 25, 2023 at 5:15 pm

    Bwa ha ha ha! They passed a government lAw tO pROteCT yOU back in 1974 and told everybody that the law did all these wonderful things. But it doesn’t, not at all.

    “Even when there is no law requiring it, a business might request your SSN and deny you service if you refuse to provide it.” (PrivacyRights.org)

    The Privacy Act of 1974 says that if you find somebody abusing your SSN, you have a right to sue them… yourself, with your own money.

    Don’t you “feel safe” now? Because, y’know, you have a “right to ‘feel safe.'”

      henrybowman in reply to henrybowman. | September 25, 2023 at 5:17 pm

      And, on this topic, just follow the history:

      When Social Security was first debated [in 1935] in the [Franklin D.] Roosevelt Administration, the president himself assured American citizens that a Social Security number would never be used for identification purposes.
      –VIN SUPRYNOWICZ

      FOR SOCIAL SECURITY PURPOSES ONLY — NOT FOR IDENTIFICATION.
      –THE SOCIAL SECURITY CARD (1936-1972)

      Hereafter any Federal department, establishment, or agency shall, whenever the head thereof finds it advisable to establish a new system of permanent account numbers pertaining to individual persons, utilize exclusively the Social Security Act account numbers…
      –EXECUTIVE ORDER 9397, FRANKLIN D. ROOSEVELT (1943!)

      We have to accept that the Social Security number is the de facto national identifier and its use by government agencies at all levels and the private sector is too embedded to change.
      –JAMES G. HUSE JR, INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION (2001)

I wanted to follow your link “data breach initially reported last month” to see if this is yet another one of the dozens of cases of “MOVEit Transfer” exploit (my old company’s pension fund just reported getting hit), but the link has no target.