Information on Data Security Incident

Message from the president

“At Michigan State University, we are committed to data and privacy protection. Regrettably, we were recently the target of a criminal act in which unauthorized users gained access to our computer and data systems. Information security is a top priority of our university, and we know the frustration this is causing members of our community.

We have a deep sense of obligation to our MSU family, and we are taking aggressive action to protect any personal information that may have been compromised. Only 449 records were confirmed to be accessed within the larger database to which unauthorized individuals gained access. However, as a precaution, we will provide credit monitoring and ID theft services for any member of our community who may have been impacted by this criminal act. We also will continue to work diligently in our efforts to protect the integrity of our data systems and improve the security of information that is entrusted to us.”

President Lou Anna K. Simon

President Lou Anna K. Simon


Michigan State University has confirmed that on Nov. 13, 2016, an unauthorized party gained access to a university server containing certain sensitive data.

The database, which contained about 400,000 records, included names, social security numbers, MSU identification numbers, and in some cases, date of birth of some current and former students and employees. It did not contain passwords, financial, academic, contact, gift or health information. Of those records, 449 were confirmed to be accessed by the unauthorized party. The affected database was taken offline within 24 hours of the unauthorized access.

MSU has undertaken a number of efforts to notify all students, alumni, staff and faculty who were affected. The university sent email notifications to affected parties, posted information on its social media channels, sent notices by mail to the known U.S. Postal addresses of all affected individuals and distributed a news release to media outlets.

This website ( will be the central location where all updates regarding this incident will be posted.

To protect affected individuals against identity theft and to help educate the MSU community, the university is:

  • Offering free 2 years of identity theft protection, fraud recovery, and credit monitoring. For enrollment details call 1-855-231-9331 or visit
  • Launching a comprehensive investigation of information systems
  • Accelerating IT security projects for key risk areas
  • Holding a series of information sessions and seminars on data security and identity theft protection

Frequently Asked Questions

  • How do I enroll in the identity theft protection?
    • MSU will not contact you asking for sensitive data. Only use the following methods to enroll in identity theft protection:
    • Identity theft protection coverage extends through Nov. 30, 2018.
  • Who was affected by the data breach?
    • The unauthorized party had access to a database containing about 400,000 records; only 449 records were confirmed to be accessed by the unauthorized party.
      • All faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016
      • Students who attended MSU between 1991 and 2016
    • To verify if you are one of the affected individuals and to enroll in identity theft monitoring, call 1-855-231-9331 or visit
  • How can I identify if I’m one of the 449 records the attacker accessed?
    • MSU is reaching out to all of the 400,000 people that were in the database, even though only 449 were confirmed to be accessed by the unauthorized user. If your email or postal letter states “Although we have no evidence an unauthorized individual has actually retrieved and is using your personal information,” then your information was not contained in one of the 449 records.
  • What kind of data was accessed?
    • The records included name, Social Security number, MSU identification numbers, and in some cases, date of birth.
    • No passwords or financial, academic, contact or health information were compromised.
  • What is MSU doing to protect our information?
    • The affected database was taken offline within 24 hours of the unauthorized access.
    • MSU has launched a comprehensive information security program to increase the security position of the university.
    • MSU has accelerated information security projects for key risk areas.
  • What should I do to help protect my identity information?
    • Enroll in the identity theft protection, call 1-855-231-9331 or visit
    • Get your free annual credit report from and check for any accounts or charges you don't recognize. You can order a free report from each of the three credit bureaus once a year.
    • Consider placing a credit freeze. A credit freeze makes it harder for someone to open a new account in your name.
      • If you place a freeze, you'll have to lift the freeze before you apply for a new credit card, cell phone or any service that requires a credit check.
      • If you decide not to place a credit freeze, at least consider placing a fraud alert.
      • More information can be found here:
    • Try to file your taxes early, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
    • Don't believe anyone who calls and says you'll be arrested unless you pay for taxes or debt, even if they have part or all of your Social Security number or they say they're from the IRS.
    • For further information, please refer to
  • How do I know if the email, phone call, or postal mail I received is authentic?
    • If you have any concerns about the authenticity of any communication, do not click on links and only use the contact information provided on this website. To enroll in the identity theft protection, call 1-855-231-9331 or visit
  • What do I do if I believe my identity information is being used fraudulently?
    • For identity theft concerns, please call 1-855-231-9331 or visit
    • For identity theft prevention best practices, visit the Federal Trade Commission website at:
    • For criminal issues, please contact the MSU Police Department, referring to case 1658103881.