On September 21, 2023, the University of Minnesota (“U of M”) provided an update regarding a data security incident that may have compromised millions of current and former students’ Social Security numbers. In this notice, U of M explains that the incident resulted in an unauthorized party being able to access confidential information dating back to 1989. While the matter is still under investigation, a U of M spokesperson indicated that the data may include current and former students’ and employees’ names, addresses, phone numbers, Social Security numbers, driver’s license information, passport information, university identification numbers, birthdate, admissions applications, and employment information. Upon completing its investigation, U of M will send out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from the University of Minnesota, it is essential you understand what is at risk and what you can do about it. Note that U of M indicated that it will be emailing these notices rather than sending them through the mail. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the University of Minnesota data breach. For more information, please see our recent piece on the topic here.
What Caused the University of Minnesota Breach?
The University of Minnesota data breach was only recently announced, and more information is expected in the near future. However, U of M’s filing with the SOURCE provides some important information on what led up to the breach. According to this source, on July 21, 2023, U of M learned that someone claimed to have posted certain data obtained from a U of M database. In response, U of M investigated the claims with the assistance of outside cybersecurity professionals.
Following an extensive investigation, U of M determined that the claims appear to have been true and that an unauthorized party likely obtained access to the U of M database back in 2021.
The U of M investigation also confirmed that the unauthorized party was able to access information belonging to “individuals who submitted information to the University as a prospective student, attended the University as a student, worked at the University as an employee, or participated in University programs between 1989 and August 2021.”
After learning that sensitive consumer data was accessible to an unauthorized party, the University of Minnesota reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, phone number, Social Security number, driver’s license information, passport information, university identification number, birth date, admissions application, and employment information.
On September 21, 2023, the University of Minnesota sent out data breach letters over email to anyone who was affected by the recent data security incident. These letters should provide victims with a list of which information of theirs was compromised.
More Information About the University of Minnesota
University of Minnesota is a large education system based in Minneapolis, Minnesota. U of M has campuses in Crookston, Duluth, Morris, Rochester, and Twin Cities. Between the five U of M campuses, students have a choice of almost 300 different majors and programs. Currently, U of M enrolls over 68,000 students and grants more than 15,900 degrees each year. University of Minnesota employs more than 20,000 people and generates approximately $2.3 billion in annual revenue.
