Michigan State University has confirmed a data breach affecting 2,600 people who purchased items from the online store

After hacking into the shopmsuedu website, hackers stole various credit card and personal information They then inserted malicious code into the site's own code to conduct a web-skimming attack, capturing text entered into form fields by website visitors, specifically credit card numbers

Bleeping Computer reports that the perpetrators took advantage of a flaw in the Michigan State University website to gain access However, the university has publicly stated that the flaw has since been fixed

"Between October 19, 2019 and June 26, 2020, an unauthorized person accessed Michigan State University's online store, shopmsuedu, and installed malicious code that exposed shoppers' credit card numbers," the university said in a statement" The intrusion was the result of a vulnerability in the website, which has since been addressed"

The school said the hackers accessed customers' "names, addresses, and credit card numbers," but not their Social Security numbers

The college explained that its security team "promptly fixed the vulnerability" and that it is "cooperating with law enforcement in the investigation"

"Our top priority is to share resources and tools to protect consumers from these cybercriminals so that their information is not further compromised," said Daniel Ayala, interim chief information security officer at Michigan State University [The security of our IT systems and the people who use them is of utmost importance to MSU We deeply apologize and understand the concerns of those affected" We are working around the clock to make this right"

Since the vulnerability was discovered and fixed, the university has begun contacting everyone affected by the web-skimming attack

Michigan State University explains that it is "offering free credit monitoring and identity theft protection to further protect against information breaches"

For those involved in an information breach, the university advised the following steps:

"MSU has invested heavily in information security and will continue to do so However, investment alone is not sufficient [But investment alone is not enough," Ayala said We are determined to dedicate ourselves to this important work, which is vital to protecting all those who use our systems in today's highly technological society"