COLUMBIA, Mo. – Officials have launched an investigation into a recent University of Missouri System data breach, which has impacted thousands of organizations and led to some personal data being compromised.
Besides Mizzou, this data breach is also affecting UMKC, UMSL, and Missouri S&T. This comes after a wave of cyberattacks this summer that affected thousands of companies and institutions.
“We’re working to make sure that this type of breach never happens again,” Christian Basi, communications director at the University of Missouri, said Wednesday. “It could be as sensitive as a birthdate and a social security number, a name, and an address. It really depends upon what the files were that were breached.”
Just days before the start of a new school year, a date breach is impacting the entire University of Missouri System.
The data breach involves file transfer software called MOVEit, used to share large files between organizations worldwide.
“Immediately those companies and institutions like MU, like the University of Missouri System, started investigating the situation to determine what exactly was breached, what exactly was vulnerable, and what we could find,” Basi said.
University of Missouri system officials have launched an investigation separate from outside vendors to determine how many people and what data might have been impacted.
“The breach impacted some outside vendors that we use to assist in our operations, including our enrollment and pension processes,” said Ben Canlas, interim vice president for Information Technology. “While we continue to work on obtaining specific information, we want to alert our employees, students, and retirees that they might be impacted by this breach.”
Since the data breach also affected outside vendors used by the university, current and former university employees and students might receive information about the breach from a vendor independent of the university.
“We have had some numbers come through and thankfully, it’s been a smaller number than we were initially expecting, so that’s been good, but we don’t have an exact detail yet,” Basi said.
Some of the outside vendors affected by the cyberattack are used by the UM System’s enrollment data and pension information. Pension Benefit Information LLC and the National Student Clearinghouse were among the companies in the breach. Their files include records on current and former students.
The National Student Clearinghouse is reviewing the vulnerable files and will release a report to the university once the review is complete.
“This is a large-scale investigation and as such, many details, including the specific types of information and the number and identity of the individuals impacted, have not been confirmed at this time,” Canlas said. “The comprehensive process to identify this specific information is proceeding as quickly as possible.”
Basi said the system’s IT team stops cyberattacks almost daily, and the team will continue to review this situation and work with other software companies to determine how this breach occurred and to make sure it doesn’t happen again.
“You would be hard-pressed to go and find any institution that hasn’t had some kind of an IT situation over the past 15 to 20 years,” Basi said. “Our IT Team has an exceptional security team in place and is constantly looking at and updating technology and the techniques, so we’re able to keep the university from having to deal with these types of breaches.”
The University of Missouri system says individuals can take steps to reduce their chances of being victims of a similar crime:
- Check your credit reports annually
- Consider placing a credit freeze on your credit report
- Block electronic access to Social Security Information by calling the Social Security Administration at 9800-772-1213
- Refrain from clicking links in suspicious emails
- Don’t share personal information on email, social media posts or other electronic formats
University officials want to remind the campus community that even if precautions are taken, individuals can still become victims of a crime. If you think you might be a victim of fraud or ID theft, you are encouraged to file a police report.