Michigan State University says attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attackers injected malicious scripts designed to harvest and exfiltrate customers’ payment cards after exploiting a now-addressed website vulnerability. MSU is notifying all potentially affected customers of the data breach and is offering all of them free identity protection and credit monitoring. The university also says that the university’s security team addressed the site vulnerability used to gain access to the compromised online shop.
Source: https://www.bleepingcomputer.com/news/security/michigan-state-university-discloses-credit-card-theft-incident/