On October 23, 2023, the University of Michigan (“U of M”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering there was unauthorized access to confidential information in U of M’s possession. In this notice, U of M explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, driver’s license numbers, financial account or payment card numbers, and health information. Upon completing its investigation, U of M began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from the University of Michigan, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the University of Michigan data breach. For more information, please see our recent piece on the topic here.

What Caused the University of Michigan Data Breach?

The University of Michigan data breach was only recently announced, and more information is expected soon. However, U of M’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. The U of M also posted a website notice entitled “August 2023 Data Incident,” which provides additional details.

According to these sources, on August 23, 2023, U of M detected unusual activity within its computer network. In response, the University proactively disconnected its campus network and launched an investigation with the help of outside cybersecurity professionals.

The U of M investigation ultimately confirmed that an unauthorized party was able to access its system between August 23, 2023 and August 27, 2023. It was also determined that some of the files the unauthorized party was able to access contained confidential information belonging to students, applicants, alumni, donors, employees, contractors, Research study participants and University Health Service and School of Dentistry patients.

After learning that sensitive consumer data was accessible to an unauthorized party, the University of Michigan reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, financial account or payment card number, and health information.

On October 23, 2023, the University of Michigan sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About the University of Michigan

Founded in 1817, the University of Michigan is a public research university located in Ann Arbor, Michigan. U of M annually enrolls approximately 32,000 undergraduate students and 18,000 graduate students, making it both the largest and oldest university in Michigan. The University of Michigan is made up of 19 colleges and offers undergraduate and graduate degree programs in approximately 250 subjects. The University of Michigan employs more than 29,774 people and generates approximately $29 billion in annual revenue.