Request Information
Ready to find out what MSU Denver can do for you? We’ve got you covered.
Have Questions? We have answers.
Contact Us
Latest Updates
Updated July 24, 2025
To help keep the Roadrunner community informed and protected, MSU Denver shares timely updates about known cyberattacks and data breaches that may affect our students, faculty, and staff. While these incidents often originate outside the University, we post relevant information to help community members take appropriate steps to safeguard their personal information.
Information is updated on a regular basis and incident specific information is archived one year after first notice.
ALERT: Workday Breach Notification – August 2025
The MSU Denver ITS team has been made aware of a data breach in association with our vendor Workday (this was not a breach of MSU Denver systems). Workday was a victim of social engineering that led to a breach of their Salesforce Customer Relationship Management (CRM) platform. This breach does not include sensitive MSU Denver HR information held within Workday itself.
Learn more about the incident here
Who was impacted? 300 MSU Denver employees had some non-sensitive information (MSU Denver email addresses and phone numbers) exposed during this breach; all have been notified by ITS separately.
What can you do? Stay diligent by identifying common signals of phishing. These include but are not limited to:
- Email address mismatch (the sender name might look familiar, but the actual email address is off)
- Generic greetings (“Dear Customer” instead of your name)
- Urgent or Threatening Language
- Claims like “Your account will be suspended”
- Pressure to act quickly without time to think
- Unusual Links or Attachments
- Links that don’t match the legitimate domain (hover to preview before clicking)
- Unexpected attachments, especially, .exe, .zip, or .scr files
- Use of a trusted service but from an unknown sender (e.g. SharePoint links)
Learn more about reporting spam or phishing here
Email Account Security Incident - January 2025
On January 4, 2025, MSU Denver became aware of a cybersecurity incident that impacted a limited number of accounts in their email environment. Upon becoming aware of the incident, MSU Denver promptly changed passwords and engaged leading privacy professionals and data security experts to assist in an investigation. No evidence was found revealing misuse of personal information for identity theft or fraud.
This was a cybersecurity incident involving unauthorized access to certain MSU Denver email accounts. While the incident was limited in scope, we take all unauthorized access seriously and are working diligently to prevent any further unauthorized or suspicious activity.
The findings of the investigation revealed that the personal information of some MSU Denver students was impacted. The specific data elements vary for each individual. Individuals whose information was involved will receive a formal notification letter by mail with additional details and steps they can take to protect their personal information.
After discovering the incident, MSU Denver took action to secure the compromised accounts and prevent further unauthorized access by changing passwords and engaging data security and privacy professionals to assist in an investigation.
If your information has been impacted, you will receive a formal notification letter in the mail providing additional information regarding this incident. Further student questions can be directed to [email protected].
Information Security at MSU Denver
- Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Use Strong Passwords and Account Security: Update your online accounts with unique and strong passwords. Enable multi-factor authentication wherever possible.
- Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide personal information unless you are certain of the source’s authenticity.
- Fraud Alerts: Consider placing a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. When one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year.
- Credit Freezes: Consider placing a credit freeze with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information.
- Contact any one of the three major credit bureaus to place an alert or credit freeze.
- Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
- Experian: experian.com/help or 1-888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Learn more about proactive steps you can take at www.identitytheft.gov/databreach.
MSU Denver has a solid security program in compliance with applicable data privacy and security standards. We leverage multi-factor authentication, data encryption, and security event and incident management tools. The University also performs regularly scheduled assessments, among other security measures.