A database breach that exposed social security numbers as well as names and Michigan State University (MSU) ID numbers will cost the school about $3 million to remediate and to bolster system safeguards.
The hack will likely push MSU to assess its data handling policies and security scheme, but, school spokesperson Jason Cody told the Lansing State Journal that currently there are no plans to alter how data is stored, explaining that MSU needs to retain records to support its “ongoing relationships with members of our community long after they leave us.”
But Privacy Rights Clearinghouse Director of Privacy and Advocacy Paul Stephens challenged that stance, telling the Journal that “There's no need to maintain certain data elements. And MSU shouldn't have maintained social security numbers.”
The school also caught flak for the five-day gap between when the hack was discovered and when MSU began notifying potential victims.