The University of Michigan cyberbreach that prompted a three-campus internet shutdown in August gave hackers access to the personal information of up to 230,000 students, faculty and staff, the university said.
Hackers accessed the personal information of people including students, applicants, alumni, donors, employees, contractors, research study participants and patients at the University of Michigan’s Health Service and School of Dentistry, a university statement said. Letters were sent to the roughly 230,000 people affected, university spokeswoman Kim Broekhuizen said.
Social Security numbers, names, driver’s license numbers, payment card numbers and health information may have been compromised, according to the university’s statement.
The attack occurred from Aug. 23 through Aug. 27, with Michigan’s fall semester starting Aug. 28. To help ward off the attack, the university shut down internet access to all three of its campuses during the first week of classes. Connectivity and internet access were restored Aug. 30.
In addition to launching an investigation and working with the police department, university officials have said they are working with cybersecurity experts to “take steps to harden our systems and emerge from this incident as a more secure community.”
This was the second public cyberattack on the University of Michigan this year. In January, the university announced its University of Michigan Health system experienced an attack on one of its vendors.