Mercer University Suffers Major Data Breach, Over 93,000 Affected

• Mercer University recently suffered a substantial data breach affecting 93,512 individuals, with unauthorized access to personal identifiers and driver’s license numbers or non-driver identification card numbers. The breach occurred between February 12 and February 24, 2023, and was discovered on April 30, 2023.
• The university is addressing the situation by notifying affected individuals, offering one year of complimentary identity monitoring and theft protection services through Experian IdentityWorks Credit 3B, and establishing a toll-free response line for inquiries. They have also reinforced their commitment to enhancing the security of their computer systems to prevent future incidents.

Macon, GA – Mercer University, a leading educational institution, recently announced a significant data breach that compromised the personal information of 93,512 individuals. The university discovered the breach on April 30, 2023, but the unauthorized access occurred between February 12 and 24, 2023.

The breach was confirmed in a notice submitted by John Hutchins, a partner at Baker & Hostetler LLP, who is acting as outside counsel for the university. Hutchins revealed that an external system breach, or hacking incident, led to the unauthorized access of certain files stored on Mercer University’s computer servers.

The compromised data included names or other personal identifiers in combination with driver’s license numbers or non-driver identification card numbers. Among the affected individuals, 21 are residents of Maine.

Mercer University launched an investigation immediately upon identifying the incident and alerted law enforcement. The university also secured the systems involved and has been working closely with leading experts to minimize the risk of such events occurring in the future.

In the notice, Hutchins stated, “Mercer has taken, and will continue to take, steps to further enhance the security of the Mercer computer systems and data they maintain.”

The university is now sending out notification letters to the affected individuals, complying with Me. Rev. Stat. Tit. 10, §1348.1. The letters, which began being mailed on May 24, 2023, inform recipients of the breach and offer complimentary identity monitoring and identity theft protection services for one year.

The services are being provided through Experian IdentityWorks Credit 3B, a product that detects potential misuse of personal information and provides immediate identification and resolution of identity theft.

Furthermore, Mercer University has established a dedicated, toll-free incident response line to answer questions that individuals may have about the data breach. The contact number is 866-347-6455, operational between the hours of 8:00 a.m. and 5:30 p.m., Central Time, excluding major U.S. holidays.

Mercer University has expressed its commitment to the security of its computer systems, stating, “We take the security of our computer systems very seriously. Like many higher education institutions, we recently experienced unlawful access into our computer systems.”

The university remains vigilant and proactive in its efforts to enhance the security of its computer systems and to safeguard the data it maintains.