Michigan State University disclosed recently that its online store had suffered a data breach in which the names, addresses and credit card numbers of 2,600 people who had shopped at the store which sells the school’s branded merchandise between October 19, 2019 and June 26, 2020 were compromised. Data breaches at colleges and universities are common. The reason for targeting universities and colleges is simple. Generally they maintain tremendous amounts of personal information and many schools have not done a good job of securing the sensitive information they hold. Colleges and universities have much personal information that is often easily accessible within the school’s computer systems. Too often schools have permitted the information to be on unencrypted laptops and flash drives. In addition many schools do not have sufficient security programs in place to limit access to personal information, which the universities keep in their computers long after it is necessary to be kept, such as Social Security numbers for students who have long since graduated.
Colleges and universities must make a greater commitment to data security. Data breach prevention systems should be implemented that include, but not be limited to updated firewalls, limited access to personal information, purging of unnecessary information and encryption. Personal information should not be as open and available as they presently are at this time at many universities. if you are someone who is a victim of the Michigan State data breach, you should contact the University and accept its offer of free credit monitoring. You also should put a credit freeze on your credit report because credit monitoring only tells you that you have become a victim of identity theft after the fact. A credit freeze can protect you from becoming a victim in many instances. This data breach is also a reminder to everyone not to use debit cards when making purchases either online or at a brick and mortar store because the law does not protect you nearly as much if your debit card is used for fraudulent purchases as the protection you get when your credit card is used by a scammer. This incident is also a reminder to us all that we are much safer using our EMV chip cards whenever possible. EMV chip credit cards when used in a brick and mortar store create a one time code to be used for each purchase that is worthless to a hacker. Unfortunately, EMV chip protection is not available when you use your credit card for online purchases.