University of Minnesota says data breach compromised student and staff info dating back to 1989

The University of Minnesota has released new information about a security incident that may have led to the exposure of personal information of students, applicants and faculty members involved with the university between 1989 and 2021.

The investigation into the data breach began earlier this year when officials were notified that particular data sets, including admissions, race, and ethnicity information, from one of the university’s databases was posted online.

“The University immediately initiated an investigation and promptly engaged forensics professionals to assess whether the claim was credible and to ensure the security of the University’s electronic systems,” the data incident notice reads. ”After an extensive investigation, the University determined that a person likely gained unauthorized access to a University database in 2021.”

While the specifics of individual exposure vary, depending on the type of data provided by each faculty member or student, university officials have provided an extensive list of potentially stolen or exfiltrated data:

• Admissions or financial aid application data from prospective students and certain parents or guardians such as names, contact information, SSNs, birth date, high school information, standardized test scores, demographic information, and family income
• Student info including educational background,  email addresses, SSN, ID number, date of birth, classes, grades, insurance policy number, loan data, degree and diploma year, as well as parent or guardian names and addresses
• Employee data such as names and addresses, email addresses, SSN, employee ID number, date of birth, driver’s license or identification card, and payroll information (not bank account information)
• Similar data (as described above) for individuals who performed work at the university and received taxable payments, or for university volunteers or spouses/partners of certain University administrators.

The University of Minnesota said it is notifying potentially impacted individuals via email or post, and that it is working with law enforcement and regulatory officials on any active investigations.

Individuals affected by the data breach, even if they’re no longer affiliated with the University, should be on the lookout for any phishing attempts and fraud.

Additional information can be found on the dedicated university webpage, here.

Data breaches and leaks happen every day. You can easily stay on top of them and protect your privacy and identity with Bitdefender Digital Identity Protection.

Our dedicated identity protection tool immediately alerts you when your data is exposed to a breach or leaked online. It scans millions of websites and monitors if your information is leaked on the dark web. Whenever it finds any personal information it notifies you in real time, providing specific 1-click action items to instantly close up leaks and weak points in your digital footprint.