Cyber Incident Victim: Missouri Southern State University

On January 9, 2019, Missouri Southern State University (MSSU) detected a cybersecurity incident triggered by a phishing email that compromised several employee accounts. The university immediately notified law enforcement, including the Federal Bureau of Investigation Cyber Crime Task Force and the Missouri Attorney General’s Office, and engaged a leading forensic investigation firm to halt the attack. Response actions included blocking potential email exploitation and conducting a mass password reset for all employee Office 365 accounts to prevent further unauthorized access. Forensic analysis of the compromised accounts revealed stored personal information within emails, including first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers. MSSU delayed public notification of affected individuals at law enforcement’s request while investigations proceeded.

Between late March and early May 2019, MSSU identified specific emails containing personal information that may have been exposed during the breach. By mid-May, the university confirmed that impacted accounts contained individuals’ first and last names alongside social security numbers. On June 13, 2019, MSSU mailed notification letters to all affected parties following the completion of investigative coordination with authorities. The university offered 24 months of complimentary credit monitoring to impacted individuals. No evidence emerged during the investigation that the exposed data had been misused maliciously. The incident remained under active review by external forensic specialists and law enforcement agencies throughout the response period.