Michigan State University says the hacker or hackers accessed the personal information of up to 400,000 people tried to hit the school up for money.
“It was an extortion attempt,” an MSU spokesman tells 6 News.
Citing an on-going criminal investigation, the spokesman did not say how much the hackers sought or how they made their request. He would only say that MSU didn’t pay it.
There will still likely be significant cost to the university, which is offering two years of credit monitoring and identity theft protection to the 400,000 people – anyone who has been employed by the university since 1970 and anyone who has attended the university since 1991.
The spokesman also said that for technical reasons, this was not a case of “ransomware” – in which hackers typically get access to a company’s information and promise to release it in return for money.
It was a case of ransomware with the Lansing Board of Water and Light. The company paid a $25,000 ransom and spent $2.4 million to fix and protect their computer services afterwards. Insurance covered $1.9 million of that tab.