In August, the University of Michigan experienced a mysterious snafu attack, which compelled the university to initiate a complete shutdown of all its IT systems. The incident garnered significant attention due to the severity of its consequences.
In a public notification, the university disclosed that a considerable amount of sensitive data was compromised during the attack. This sensitive data encompassed financial, medical, and personal information belonging to various individuals and groups associated with the university, resulting in a substantial impact. The affected parties included alumni, applicants, donors, employees, patients, and research study participants.
The exfiltrated data can be categorized into the following types of information:
- Social Security Numbers: The attackers managed to obtain Social Security numbers, which are crucial personal identification numbers in the United States.
- Driver’s License and Other Government-Issued ID Numbers: Additionally, government-issued identification numbers, such as driver’s license information, were compromised during the attack, further raising concerns about identity theft and fraudulent activities.
- Financial Account or Payment Card Numbers: Financial information, including credit card numbers and bank account details, were among the data accessed by the attackers. This breach poses a significant risk to the affected individuals, as their financial security is now compromised.
- Health Information: The attackers also gained access to health information, including medical records, diagnoses, treatment histories, and medication records. This certainly Leads to unauthorized access to the medical history, diagnoses, and treatments of persons affiliated with the university.
University Michigan Public affair office stated:
“Out of an abundance of caution, we are offering individuals whose sensitive information may have been involved in this incident complementary credit monitoring services.”
Summarizing the Event:
he event which involves
- The financial data that was exfiltrated included sensitive information like credit card numbers, bank account details, and health insurance information.
- The compromised data which goes beyond personal finances and extends to the University Health Service and School of Dentistry clinical information.
- Clinical information that encompasses medical record numbers, diagnoses, treatment history, and medication records.
Raises thoughts on the university’s cybersecurity awareness, as such information is a serious breach of privacy and can have significant implications for both the university and the affected individuals.
Please do let us know in the comment section what are your thoughts about this.