The University of Michigan provided an extensive update on the data breach they faced back in August.
Very sensitive information was potentially viewed by threat actors.
Before now, they’ve remained silent about the severity of the breach, what information was stolen, and what happened while investigations were being carried out.
“The University used a dedicated review team to conduct a detailed analysis of the files included on the systems accessed by the unauthorized actor,” U-M says in their newest report.
“Based on our investigation, we have determined that an unauthorized third party was able to access certain University systems from August 23, 2023 to August 27, 2023.”
Extremely sensitive data was stolen, with the exact information depending on the person and their role in the university.
For students, applicants, alumni, donors, employees, and contractors, the hackers may have obtained your social security number, government ID or driver license, payment information, financial information, and healthcare info.
For research study participants and University Health Service and School of Dentistry patients, the threat actors may have obtained all of the same information (SSN, ID info, financial info, etc). However, the hackers may have also been able to access your client’s information as well, exposing their information as well.
The University has sent out letters to all individuals who were affected by the breach, explaining what happened and what information of theirs was exposed.
They’re offering free credit monitoring services for those affected by the breach.
They’re also “continuing to work with third-party cybersecurity experts to take steps to harden our systems and emerge from this incident as a more secure community,” among other protective steps.
If you believe your information was exposed, you have additional questions, or have any information on the breach, you can contact the Federal Trade Commission (FTC) or law enforcement agencies to get additional support.