University of Minnesota Data Breach Investigation
The Lyon Firm is investigating an alleged data security incident involving potentially millions of individuals linked to the University of Minnesota. The university has confirmed suspicious network activity and has alerted the authorities.
The University of Minnesota has now confirmed a potential data breach event and has notified state and federal agencies of a potentially significant IT security incident.
Specific details have yet to fully emerge as an investigation is still underway, but school officials say they are “aware that an unauthorized party claimed to possess sensitive data.” The personal data is thought to include up to 7 million Social Security numbers of former and current University of Minnesota students and staff.
On July 21, 2023, the university launched an investigation after a hacker made claims of accessing a database that held SSNs dating back to the 1980s. A UofM spokesman says, “The preliminary assessment is that the data at issue is from 2021 and earlier… The University has taken steps since 2021 to bolster its overall system security through actions such as enhancing multi-factor authentication capabilities and increasing the frequency of monitoring activities.”
The University of Minnesota will soon begin to notify anyone whose personal information may have been compromised. Earlier this year, another data breach exposed the data of government agencies and the Minnesota Department of Education.
How Do Data Breaches Occur?
Investigators say the primary causes behind security events like the one targeting the University of Minnesota include poorly devised and compromised passwords, policy violations, malware and phishing emails. It is unclear what led to the UofM breach.
The Lyon Firm encourages all potentially affected individuals in the University of Minnesota security breach to remain vigilant against potential fraudulent activity by reviewing account statements, credit card bills and credit reports. Contact our privacy attorneys to review your case. We believe educational institutions have a duty to engage in the following system security measures:
- Monitor data security systems for existing intrusions
- Ensure that anyone with access to computer systems and school data employs reasonable security procedures
- Train employees in the proper handling of emails containing PII and maintain adequate email security practices
- Implement technical policies and procedures to allow electronic access only to individuals or software programs granted access rights
- Implement procedures to review records of information system activity regularly, such as audit logs, access reports and security incident tracking reports
- Protect against reasonably anticipated threats or hazards to the security or integrity of electronic data