Details of 160K current and former Metro State students exposed in data breach


A data breach at Metropolitan State University in St. Paul exposed the personal information of 160,000 students past and present.

The university announced Tuesday the result of its investigation into the hack revealed in January, saying names, dates of birth, home addresses, phone numbers, GPA information, email addresses and, in some cases, the last four digits of social security numbers were exposed.

Of those affected, 25,000 are current students (enrolled in the past three years), while the remainder are older students.

No financial, credit card or banking information was accessed by the hackers, while 11,000 students had the last four digits of their social security numbers exposed.

"We regret this incident and sincerely apologize to those impacted," said Devinder Malhotra, interim president. "Since learning of this intrusion, our IT team has disabled the vulnerability that permitted the breach and replaced the affected server. The university also completed additional security measures to minimize future security risks."

Students with their social security digits compromised will be notified by letter, while the rest will be told via email, the university's website and through media coverage. They will be offered identity-protection services by the university.

The U.S. Secret Service began investigating what was then a suspected breach in mid-December, when someone gained unauthorized access to MSU's server which contained details of faculty, staff and students.

The Star Tribune reports the social security numbers of 900 faculty members had been exposed by the breach.

The newspaper says that university officials were notified about the hack after someone, reportedly an Australian teenager, appeared to claim responsibility after boasting about it on a blog site.

Next Up