The University of Minnesota confirmed Thursday that three decades’ worth of sensitive information about applicants, students and employees were accessed in a data breach, according to The Star Tribune. The disclosure comes two months after murmurs of a potential cyberattack first surfaced. The data were drawn from financial aid applications spanning from 1989 to 2021 and included dates of birth, Social Security numbers and passport information, according to a news release from the university. The university is now facing six lawsuits from individuals whose personal information was obtained in the data breach and who claim the university didn’t properly protect their personal information or promptly notify them when the breach occurred.
“Obviously, this is a very serious breach. We think it implicates a lot of serious concerns about data security and data retention,” Brian Gudmundson, a lead attorney on one of the lawsuits, told The Star Tribune. “We look forward to getting to the bottom of it and making sure that there is redress for the people who are impacted.”
University officials said they hired an outside firm to help investigate the hacker’s claims after learning of them on July 21, and the incident has not affected university operations, The Star Tribune reported. The Minnesota Bureau of Criminal Apprehension is also conducting an investigation, and the FBI’s Minneapolis office confirmed it is “aware of the situation.”
“Out of an abundance of caution, we are notifying all individuals identified with any data element in the data warehouse,” university spokesperson Jake Ricker told The Star Tribune. “The University will send email notifications to approximately two million individuals as part of its notification efforts.”