Update on Metropolitan State data breach: Students affected will receive notification via U.S. mail

Metropolitan State University recently concluded a data breach investigation following
a computer security intrusion last December. In February, it was determined that there was likely exposure of Social Security numbers belonging to approximately 900 faculty members. Further investigation has revealed there was also likely exposure of approximately 160,000 student’s personal information.

The data linked to students was varied and included names in possible combination with demographic, personal and academic information, as well as Star IDs, Tech IDs and the last four digits of Social Security numbers. As with the findings from February, no financial, credit card or banking information was exposed.

The last four digits of Social Security numbers were likely exposed for 11,000 students
and they will be notified by mail. For all other students with information possibly exposed, they will be notified by e-mail.

Since learning of the data breach, Metropolitan State’s IT team has disabled the vulnerability that permitted the breach and replaced the affected service. The university has also completed additional security measures to minimize future risks.

All questions regarding exposure of personal data can be directed to gateway@metrostate.edu.