Metropolitan State University recently concluded an IT forensics investigation into a probable data breach that occurred in December 2014.

The investigation determined that there was likely exposure of a variety of personal information from approximately 160,000 students. Of these, approximately 25,000 are "current" students (enrolled in the last three years), while the remainder are older.

The personal data exposed was varied and included a student's name in combination with other information:

  • Demographic Information: date of birth/age, gender, race, ethnicity, country
  • Personal Information: home address/phone/email
  • Academic Information: Cumulative GPA, Term GPA, Local GPA and Transfer GPA, credits, grades, registration, transfers, majors, application, college
  • Star ID: StarID either alone or in an email address
  • Tech ID: Tech ID
  • The last four digits of Social Security numbers

No financial, credit card or banking information was exposed in this incident.

The last four digits of Social Security numbers were likely exposed for 11,000 students. The university is notifying them via U.S. mail.

Minnesota law permits notification by alternate means, so for all students with other data exposed, we will be communicating via email, this web site and via a news release to the media.

"We regret this incident and sincerely apologize to those impacted," said Devinder Malhotra, Interim President. "Since learning of this intrusion, our Information Technology team has disabled the vulnerability that permitted the breach and replaced the affected server. The university also completed additional security measures to minimize future security risks."

Students who want more information may contact Metropolitan State University at Gateway@metrostate.edu or 651-793-1300. 


Additional Information
Metropolitan State University Frequently Asked Questions