Letter to campus: Bricker & Eckler cybersecurity incident
April 6, 2021
From: Office for Civil Rights and Title IX Education and Compliance
To: MSU Campus Community
Subject: Notice of a recent cybersecurity incident
Dear Faculty, Staff and Students,
We are writing to inform you of a data security incident that took place at a third-party vendor, Bricker & Eckler, which is the law firm affiliated with INCompliance. INCompliance has served as both external investigators and external resolution officers for MSU on matters related to the Relationship Violence and Sexual Misconduct (RVSM) Policy and Anti-Discrimination Policy (ADP).
We are committed to transparency and want to share what we currently know:
- The data security incident was a ransomware attack that blocked Bricker from accessing its data unless a demanded ransom was paid.
- Bricker retrieved and secured all of the data and documents from the unauthorized party. Bricker stated that it has no reason to believe that data was further copied or retained by the unauthorized actor or that additional data was stolen.
- Once Bricker secured the data and documents, Bricker reviewed the data and determined that INCompliance’s MSU-related data was compromised.
- Specifically, a number of INCompliance’s MSU case related documents and emails were exfiltrated (i.e., stolen) but subsequently retrieved and secured by Bricker. Case related documents ranged from scheduling emails to investigation reports to final determinations that were stored on Bricker servers at the time of the attack.
- A limited number of individuals, some of whom are not or no longer affiliated with MSU, may have been impacted. Those individuals have been contacted and connected with the proper resources.
- We should also note that no MSU-owned technology, networks, or systems were impacted or a part of this incident and as such, your information contained on MSU networks and systems remains secure.
We are available to answer any questions that you may have. Associate Vice President Tanya Jachimiak may be reached directly at ocr@msu.edu. Additionally, there are confidential, support resources (listed below) that may be available to you.
We will continue to update the campus community on any changes to what has been outlined above.
Sincerely,
Tanya Jachimiak
Associate Vice President, Office for Civil Rights
Tom Siu
Chief Information Security Officer
Confidential Resources at MSU
PDF of original letter