Consulting Firm Data Breach Impacts MSU

Consulting Firm Data Breach Impacts MSU

Michigan State University (MSU) has been impacted by a data breach stemming from a cyber-attack on an Ohio law firm.

Bricker & Eckler LLP, which is associated with MSU Title IX contractor INCompliance Consulting, was hit with ransomware in January 2021. 

An investigation into the incident determined that an unauthorized party gained access to certain Bricker internal systems at various times between approximately January 14 and January 31.

"Findings from the investigation indicate that the party obtained some data from certain Bricker systems during this period," said the law firm in a data security incident notice.

"Bricker was able to retrieve the data involved from the unauthorized party and has taken steps to delete the data. At this time, Bricker has no reason to believe this data was further copied or retained by the unauthorized party."

Data that may have been exposed in the attack includes names, addresses, and in certain instances medical-related and/or education-related information, driver’s license numbers, and/or Social Security numbers.

Lansing State Journal reports that the cyber-attack on Bricker resulted in the exposure of Title IX case information belonging to nearly 350 people at MSU. 

In a letter sent this week to faculty, students, and staff, MSU wrote: "A limited number of individuals, some of whom are no longer affiliated with MSU, may have been impacted. Those individuals have been contacted and connecte ..