Courtesy of Metropolitan State University

Metropolitan State University officials say a “probable” data breach announced in January likely exposed the personal information of about 160,000 current and former students.

An investigation has concluded that a hacker could have obtained the last four digits of the Social Security numbers of about 11,000 students, they said.

But no other student financial or credit-card data is in jeopardy, they said. A university spokeswoman said no one from the Metro State community has reported any identity theft.

In an emailed statement, interim president Devinder Malhotra wrote:

“We regret this incident and sincerely apologize to those impacted. Since learning of this intrusion, our Information Technology team has disabled the vulnerability that permitted the breach and replaced the affected server. The university also completed additional security measures to minimize future security risks.”

In February, the administration notified 900 faculty – who’d served at any point between 2004 and 2009 — that their Social Security numbers may have been taken in the hacking. A university spokeswoman said she did not know for sure whether that data contained full Social Security numbers or just the last four digits, but thought the hacker got just partial numbers.

Metropolitan State University announced the breach Jan. 16, saying a hacker had penetrated a university web server once in mid-December. They said a network security service discovered the hacking Jan. 2, and that five days later personnel fixed the software glitch that caused it. The university also moved its web site to a new server.

University officials say about 25,000 of the 160,000 students affected have been enrolled in the past three years. But a spokeswoman said she did not know how far back in time the affected data goes.

The information includes dates of birth, home addresses and phone numbers, grade point averages and other personal information.

Something’s changing. (Alex Friedrich / MPR)

Starting today, the University of Minnesota is upgrading the software that all of its campuses use for business and academic operations.

The 10-day, $85 million switchover will affect almost 100,000 faculty, staff and students. It should improve how the U manages areas such as payroll, financial aid and grading.

CIO Scott Studham says people outside the university shouldn’t notice much of a difference, and that most of the information systems will operate as usual.

“So email will continue to work just as usual,” he said. “The network and wireless will continue to work just as usual.”

It’s not just about improving operations, Studham said; the vendor for the current system doesn’t support it anymore.

“This is an absolute necessity,” he said. “So while it may cause some change, this is something that we just have to do.”

Testing suggests the changeover should run smoothly, Studham said.

But he said it’s always possible the new system will suffer some glitches. He says the U has beefed up staffing at its help line for those who encounter problems and it will have personnel to help people on campus.

Studham says during the last major upgrade in 1996, a squirrel made its way into a power panel outside the data center and electrocuted itself. The resulting power outtage caused computers to go down for about an hour.

Looks like the University of Minnesota has named the team to draft a plan to carry out reforms to its research program, as recommended in a Feb. 27 external review.

Plans are expected on President Eric Kaler’s desk by May 15.

From the U’s website:

The University of Minnesota has established the team charged with overseeing plans to advance the University’s human subjects protection program. The team will focus on how to implement a set of independent review panel recommendations for strengthening the University’s human subjects research practices, especially those involving people with limited decision making capacity.

University President Eric Kaler has asked the team to advance the program to become a national model, meeting the highest standards of ethics and science. At its March 27 meeting, the Board of Regents approved immediate and longer term action plans to implement the recommendations. It also committed to an open and collaborative action planning process and continued monitoring and oversight of the University’s efforts.

The implementation team, made up of both internal and external members, is chaired by Dr. William Tremaine, M.D., a member of the Gastroenterology and Hepatology Departments at the Mayo Clinic and director of the Mayo Clinic Institutional Review Board.  Dr. Brooks Jackson, M.D., dean of the U’s Medical School and vice president for health sciences, and Dr. Brian Herman, vice president for research, will serve as co-vice chairs of the committee. Other members include:

  • Joanne Billings, M.D., MPH, Assistant Professor, Department of Medicine
  • William Durfee, Ph.D., Morse Alumni Distinguished Teaching Professor, Mechanical Engineering Daniel Debra Dykhuis, Executive Director, Human Research Protection Program
  • Paul F. Goering, M.D., Vice President, Allina Mental Health
  • Gail Klatt, Associate Vice President, Office of Internal Audit
  • Steven Miles, M.D., Professor and Maas Family Endowed Chair in Bioethics, Center for Bioethics; Professor, Department of Medicine
  • Timothy Schacker, M.D., Professor, Department of Medicine
  • Daniel Weisdorf, M.D., Professor, Department of Medicine
  • Carolyn S. Wilson, RN, Executive Vice President and Chief Operating Officer of Fairview; Co-President, University of Minnesota Health
  • Jean Wyman, Ph.D, RN, GNP-BC, FAAN, FGSA Professor and Cora Meidl Siehl Endowed Chair in Nursing Research Director

The implementation team will meet weekly, with its first full meeting occurring this week. The team will widely engage stakeholders in developing the plan, and will conduct an open and transparent process in sharing progress. The team’s primary tasks will be to:

  • Complete a work plan that includes accountability metrics

  • Provide an analysis of the resources necessary to implement the plan

  • Review best practices on managing conflicts of interest and organizational or structural changes that would improve the University’s processes

  • Form a committee of external experts and community members to provide input into the University’s human subjects protection program