Skip navigation links
Michigan State University
Michigan State University
MSU.edu > Issues and Statements >

Vendor’s data breach impacts 300 consumers at shop.msu.edu (April 21, 2020)

Vendor’s data breach impacts 300 consumers at shop.msu.edu (April 21, 2020)

E-commerce vendor Volusion, which provides online payment processing to thousands of clients across the country, has informed Michigan State University of a nationwide data breach. For MSU, the breach impacted less than 300 consumers who processed credit card payments for goods through shop.msu.edu between Sept. 7-Oct. 8, 2019.

“While there was no breach to Michigan State University’s networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information,” said MSU Chief Information Officer Melissa Woo. “We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action.”

In a letter sent to impacted consumers, Volusion said it promptly notified the FBI once it learned of the breach and began an investigation to determine its impact, including identifying information exposed and the number of consumers impacted. 

While social security numbers were not exposed, Volusion informed MSU that the compromised information does includes names, phone numbers, addresses, credit card numbers and CVVs as well as expiration dates for those cards. 

Woo said MSU is currently in the process of identifying an alternative third-party payment solution for its online store – one with stronger and more robust cybersecurity measures.

MSU’s IT experts provided the following ways any consumer can protect themselves during a breach: 

  • Use two-factor authentication on your online accounts whenever possible; 
  • Determine what personal information was exposed;
  • Pull a free credit report. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228;
  • Put a fraud alert on your credit file with the Federal Trade Commission; and
  • Contact your financial institution to inform them that your credit card may have been compromised.

For more information on this breach, Volusion has established a website, ide.myidcare.com/volusion. Volusion has also established a toll-free number that is available 8 a.m. to 8 p.m. Monday through Friday: 1-833-968-1686.