UMN data breach sparks concerns for those affected

UMN students and alumni speak out on how they feel about the UMN data breach.

It’s estimated over seven million accounts were compromised.

Published November 19, 2023

The University of Minnesota released in September information regarding a data breach affecting students, prospective students and faculty members’ personal data. The data included addresses, driver’s license information and passport details. The Cyber Express reported over seven million Social Security numbers were compromised.

The University responded by offering access to a data tracking service called Kroll, allowing people to monitor changes to their credit data. It also provides the opportunity to consult with fraud specialists and investigate suspected identity theft.

Elena Montanye, a University alum, said she received an email in September stating her data was compromised.

About a month after receiving the email, she said her bank notified her of suspicious activity on her card. Upon contacting her bank, an employee in the fraud department informed her of an $85 charge from Apple on her credit card. Although she closed her card, she had made purchases from Apple before, so she was unable to prove the purchase was not hers.

“It’s kind of impossible to prove that it wasn’t me,” Montanye said. “I basically just lost 85 bucks but I feel fortunate that it was only $85. I have a good job and everything. It didn’t take me out or anything like that.”

A couple of days after the charge, Montanye said she realized the incident could be related to the data breach.

“It was just so weird,” Montanye said. “I’ve had this card since I was like 16 years old and all of a sudden, somebody accessed it. It was really odd. Then I made that connection and mentioned it to a couple of people, and they’re like, ‘That’s absolutely it.’”

Montanye said she is not completely sure the information was accessed due to the data breach but now is paranoid about how her data is being used, especially after her X account informed her someone requested to change her password.

“At the time I was like, ‘Oh my God, they’re coming at me from every angle,’ but what happened to me could realistically not be the data breach,” Montanye said. “It just seems really, really coincidental.”

Montanye added she wishes the University had been more proactive in protecting her data and hopes the Kroll monitoring service gets extended beyond a year.

Jason Chang, a third-year student at the University, said he received the email but has not experienced any issues with his data being used. He signed up for the ID program but has not checked it since signing up and is not worried about his data.

“I feel a little bit numb in this age to the idea of data privacy being breached because I feel like that’s a pretty common occurrence nowadays, just due to the sheer amount of data that’s online,” Chang said.

He said there is a difference between the data readily available on the web and the data compromised in the University data breach.

“It’s honestly voluntary versus kind of being taken,” Chang said. “There’s a lot more specific and private information that the University has. A lot of the information that the University has on me is not stuff that I personally, readily give out to various online shopping sources or anything like that.”

At the time he received the email, he said he felt relatively more distrustful toward the University since the data breach, but he added he understands sometimes things like this occur.

“Sure, they could have done more, but I feel like these things are always going to happen,” Chang said. “It’s not too big a deal.”

He said he might join a class-action lawsuit if he feels it will benefit him, but he does not plan on taking individual legal action as a busy college student.

Jacob K., a UMN alum, requested not to use his full name because his personally identifiable information was compromised in the data breach. He said this data breach was not the first time his data was compromised. After the initial breach, he focused on preventive measures.

“I really focused on what can I do to prevent anything happening,” Jacob said. “Which is like locking your credit, checking your reports and making sure your information is correct and doing things proactively.”

He said he recommends everyone freeze their credit in order to protect themselves through companies like Equifax, Experian and TransUnion.

“Now that it’s free I can’t recommend that enough,” Jacob said. “It’s totally worth the peace of mind.”

He added he wants the University to take more clear-cut steps to educate people on protecting themselves, suggesting creating a guide to help students protect their credit.

“As an educational institution, I really hope they can take this opportunity to educate people about the impact of all of this, what people should be doing, and how to be empowered to take their own control,” Jacob said.

He said he remembers his “heart sank” when he learned his data had been used for the first breach but said as long as people take the necessary steps, they should be able to protect themselves.

“There is a little bit of a learning curve, but it’s really not that many steps,” Jacob said. “If you do that, then I think everything will be okay.”