Letter to campus: Bricker & Eckler cybersecurity incident

April 6, 2021

From: Office for Civil Rights and Title IX Education and Compliance

To: MSU Campus Community

Subject: Notice of a recent cybersecurity incident

 

Dear Faculty, Staff and Students,

We are writing to inform you of a data security incident that took place at a third-party vendor, Bricker & Eckler, which is the law firm affiliated with INCompliance. INCompliance has served as both external investigators and external resolution officers for MSU on matters related to the Relationship Violence and Sexual Misconduct (RVSM) Policy and Anti-Discrimination Policy (ADP).

We are committed to transparency and want to share what we currently know:

• The data security incident was a ransomware attack that blocked Bricker from accessing its data unless a demanded ransom was paid.
• Bricker retrieved and secured all of the data and documents from the unauthorized party. Bricker stated that it has no reason to believe that data was further copied or retained by the unauthorized actor or that additional data was stolen.
• Once Bricker secured the data and documents, Bricker reviewed the data and determined that INCompliance’s MSU-related data was compromised.
• Specifically, a number of INCompliance’s MSU case related documents and emails were exfiltrated (i.e., stolen) but subsequently retrieved and secured by Bricker. Case related documents ranged from scheduling emails to investigation reports to final determinations that were stored on Bricker servers at the time of the attack.
• A limited number of individuals, some of whom are not or no longer affiliated with MSU, may have been impacted. Those individuals have been contacted and connected with the proper resources.
• We should also note that no MSU-owned technology, networks, or systems were impacted or a part of this incident and as such, your information contained on MSU networks and systems remains secure.

We are available to answer any questions that you may have. Associate Vice President Tanya Jachimiak may be reached directly at ocr@msu.edu. Additionally, there are confidential, support resources (listed below) that may be available to you. 

We will continue to update the campus community on any changes to what has been outlined above.

 

Sincerely,

Tanya Jachimiak

Associate Vice President, Office for Civil Rights

 

Tom Siu                                                          

Chief Information Security Officer                      

---

Confidential Resources at MSU

• MSU Center for Survivors (sexual harassment and sexual assault counseling and advocacy) https://centerforsurvivors.msu.edu/
• MSU Safe Place (relationship violence and stalking) https://safeplace.msu.edu/
• Employee Assistance Program (Counseling services for faculty, staff, and student employees) https://eap.msu.edu/
• University Ombudsperson (academic and non-academic concerns) https://ombud.msu.edu/   
• MSU Counseling and Psychiatric Services (CAPS) http://caps.msu.edu/

 

PDF of original letter