Even as schools are dealing with the fallout from coronavirus, a Michigan university is facing the fallout of a cybersecurity virus too. Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site, shop.msu.edu.
Volusion, which provides online payment processing to companies, publicly reported that the personal information of some of its merchant clients was exposed last fall, when malware was inserted into its ecommerce application. An outside forensic evaluation uncovered the extent of the breach. Those affected were people who shopped on Volusion-hosted websites between Sept. 7 and Oct. 8, 2019, including one run for Michigan State.
According to university officials, the breach exposed names, phone numbers, addresses, credit card numbers, expiration dates and CVVs. In response, the institution said it would replace the payment solution with another “with stronger and more robust cybersecurity measures.”