UM
Company Details
Linkedin ID:
university-of-michigan
Website:
Employees number:
38,381
Number of followers:
817,229
NAICS:
6113
Industry Type:
Homepage:
umich.edu
IP Addresses:
185
Company ID:
UNI_1743929
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
University of Michigan Vendor Cyber Rating & Cyber Score
umich.eduThe mission of the University of Michigan is to serve the people of Michigan and the world through preeminence in creating, communicating, preserving, and applying knowledge, art, and academic values, and in developing leaders and citizens who will challenge the present and enrich the future. Why Work at Michigan? Being part of something greater, of serving a larger mission of discovery and care — that's the heart of what drives people to work at Michigan. In some way, great or small, every person here helps to advance this world-class institution. It's adding a purpose to your profession. Work at Michigan and become a victor for the greater good.
University of Michigan A.I CyberSecurity Scoring
UM Risk Score (AI oriented)Between 750 and 799
UM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UM Global Score (TPRM)XXXX
UM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UM Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
University of Michigan
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Former University of Michigan assistant football coach Matthew Weiss was indicted on charges of hacking into student athlete databases, affecting over 150,000 people. Targeting primarily female athletes, he accessed personal information, medical records, and private photographs from more than 100 colleges and universities. Weiss also cracked encryption to gain unauthorized elevated access, and exploited university authentication processes.
University of Michigan
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The University of Michigan experiencing a cyberattack after that it has severed its ties to the internet and cut off access to some systems. They did this to provide our information technology staff the room they needed to handle the problem in the safest way possible. While working round-the-clock, the crew has already succeeded in regaining access to some systems.
UM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UM
Incidents vs Higher Education Industry Average (This Year)
No incidents recorded for University of Michigan in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for University of Michigan in 2026.
Incident Types UM vs Higher Education Industry Avg (This Year)
No incidents recorded for University of Michigan in 2026.
Incident History — UM (X = Date, Y = Severity)
UM cyber incidents detection timeline including parent company and subsidiaries
UM Company Subsidiaries
The mission of the University of Michigan is to serve the people of Michigan and the world through preeminence in creating, communicating, preserving, and applying knowledge, art, and academic values, and in developing leaders and citizens who will challenge the present and enrich the future. Why Work at Michigan? Being part of something greater, of serving a larger mission of discovery and care — that's the heart of what drives people to work at Michigan. In some way, great or small, every person here helps to advance this world-class institution. It's adding a purpose to your profession. Work at Michigan and become a victor for the greater good.
Loading...
UM Similar Companies
Uppsala University
Uppsala University strives to bring new perspectives to the basic questions of science as well as knowledge contributing to sustainable development and human health. We offer 39 different master programmes covering over 60 different specialisations. In Uppsala you walk in the gardens of Linnaeus, fo
University of California, Davis
UC Davis was founded in 1908 to serve the state of California. We do and we always will. Today, that seed planted years ago has grown into one of the world’s top universities. UC Davis has a community of faculty and staff who are leading the way in teaching, research, public service and patient car
USP - Universidade de São Paulo
A Universidade de São Paulo (USP) é uma universidade pública, mantida pelo Estado de São Paulo e ligada à Secretaria de Desenvolvimento Econômico, Ciência, Tecnologia e Inovação (SDECTI). O talento e dedicação dos docentes, alunos e funcionários têm sido reconhecidos por diferentes rankings mundiais
Indiana University Bloomington
Indiana University Bloomington is the flagship residential, research-intensive campus of Indiana University. Its academic excellence is grounded in the humanities, arts and sciences, and a range of highly ranked professional programs. Founded in 1820, the campus serves more than 42,000 undergradua
Baylor College of Medicine
Baylor College of Medicine is a health sciences university that creates knowledge and applies science and discoveries to further education, healthcare and community service locally and globally. Located in the Texas Medical Center, Baylor College of Medicine has affiliations with eight teaching hosp
Florida State University
Florida State University offers a unique academic environment built on our cherished values, distinctive heritage, and welcoming campus. Florida State has it all, offering nationally-ranked academics, world-renowned faculty, championship athletics, and a prime location in the heart of the state capi
University of South Florida
The University of South Florida, a high-impact research university dedicated to student success and committed to community engagement, generates an annual economic impact of more than $6 billion. With campuses in Tampa, St. Petersburg and Sarasota-Manatee, USF serves approximately 50,000 students wh
This is the official LinkedIn page of the the University of Nebraska System, the state of Nebraska's only public university. The NU System is comprised of four campuses: the University of Nebraska-Lincoln, the University of Nebraska at Omaha, the University of Nebraska Medical Center, and the Univer
University of California, San Francisco
UC San Francisco is driven by the idea that when the best research, the best education and the best patient care converge, great breakthroughs are achieved. We pursue this integrated excellence with singular focus, fueled by collaboration among our top-ranked professional and graduate schools, medic
.png)
UM CyberSecurity News
March 31, 2026 06:50 PM
UM spinoff cybersecurity firm lands $70M new financing round for AI push
Ann Arbor-based cybersecurity firm Censys Inc. has landed $40 million in new venture capital funding and secured $30 million in debt...
December 22, 2025 08:00 AM
Docs reveal former University of Michigan staffer in building at time of alleged hack
Court documents are revealing more details about the indictment of former University of Michigan co-offensive coordinator Matt Weiss.
December 19, 2025 08:00 AM
Michigan CIO Laura Clark Departs for a University Role
Eric Swanson, who leads the Michigan Center for Shared Solutions, will concurrently serve as the state's acting chief information officer,...
November 20, 2025 08:00 AM
UM-Flint tops in cybersecurity online program
University of Michigan – Flint is being recognized for leading Michigan in training the next generation of cybersecurity experts.
October 16, 2025 07:00 AM
UMich Board of Regents discusses cybersecurity, Big Ten financial deal and OSCR appeals board
“For those of us with trans kids, whom we love, support and fight every day to keep healthy and safe, your Aug. 25 announcement was a...
September 29, 2025 07:00 AM
FBI cyber leader headlines WMU cybersecurity summit
The summit, which will take place in the student center's second-floor ballroom, will feature a dynamic lineup of speakers, including Brett...
September 12, 2025 06:23 AM
WMU's 4th Annual Cybersecurity Summit
Western Michigan University's Office of Information Technology invites you to the 4th Annual Cybersecurity Summit — a full-day event designed to engage...
September 05, 2025 01:15 PM
Michigan’s cybersecurity leaders are pursuing a “culture change” for diversity in their field
Several local initiatives are paving the way to eliminate barriers and attract more women and people of color to rewarding cybersecurity careers.
July 08, 2025 07:00 AM
Students place second in international cybersecurity competition
A team of four Western Michigan University students placed second in the undergraduate division of the 2025 Social Engineering competition at Temple University...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UM CyberSecurity History Information
Official Website of University of Michigan
The official website of University of Michigan is https://umich.edu/.
University of Michigan’s AI-Generated Cybersecurity Score
According to Rankiteo, University of Michigan’s AI-generated cybersecurity score is 751, reflecting their Fair security posture.
How many security badges does University of Michigan’ have ?
According to Rankiteo, University of Michigan currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has University of Michigan been affected by any supply chain cyber incidents ?
According to Rankiteo, University of Michigan has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does University of Michigan have SOC 2 Type 1 certification ?
According to Rankiteo, University of Michigan is not certified under SOC 2 Type 1.
Does University of Michigan have SOC 2 Type 2 certification ?
According to Rankiteo, University of Michigan does not hold a SOC 2 Type 2 certification.
Does University of Michigan comply with GDPR ?
According to Rankiteo, University of Michigan is not listed as GDPR compliant.
Does University of Michigan have PCI DSS certification ?
According to Rankiteo, University of Michigan does not currently maintain PCI DSS compliance.
Does University of Michigan comply with HIPAA ?
According to Rankiteo, University of Michigan is not compliant with HIPAA regulations.
Does University of Michigan have ISO 27001 certification ?
According to Rankiteo,University of Michigan is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of University of Michigan
University of Michigan operates primarily in the Higher Education industry.
Number of Employees at University of Michigan
University of Michigan employs approximately 38,381 people worldwide.
Subsidiaries Owned by University of Michigan
University of Michigan presently has no subsidiaries across any sectors.
University of Michigan’s LinkedIn Followers
University of Michigan’s official LinkedIn profile has approximately 817,229 followers.
NAICS Classification of University of Michigan
University of Michigan is classified under the NAICS code 6113, which corresponds to Colleges, Universities, and Professional Schools.
University of Michigan’s Presence on Crunchbase
No, University of Michigan does not have a profile on Crunchbase.
University of Michigan’s Presence on LinkedIn
Yes, University of Michigan maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/university-of-michigan.
Cybersecurity Incidents Involving University of Michigan
As of April 02, 2026, Rankiteo reports that University of Michigan has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
University of Michigan has an estimated 15,823 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at University of Michigan ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does University of Michigan detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with severed internet ties, containment measures with cut off access to some systems, and recovery measures with regained access to some systems..
Incident Details
Can you provide details on each incident ?
Title: University of Michigan Cyberattack
Description: The University of Michigan experienced a cyberattack, leading to the severing of its ties to the internet and cutting off access to some systems. This was done to allow the information technology staff to handle the problem safely. The crew has regained access to some systems while working round-the-clock.
Type: Cyberattack
Title: Data Breach at University of Michigan and Other Institutions
Description: Former University of Michigan assistant football coach Matthew Weiss was indicted on charges of hacking into student athlete databases, affecting over 150,000 people. Targeting primarily female athletes, he accessed personal information, medical records, and private photographs from more than 100 colleges and universities. Weiss also cracked encryption to gain unauthorized elevated access, and exploited university authentication processes.
Type: Data Breach
Attack Vector: Hacking, Encryption Cracking, Unauthorized Access
Vulnerability Exploited: Weaknesses in university authentication processes
Threat Actor: Matthew Weiss
Motivation: Unauthorized access to personal information
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Student athlete databases.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyberattack UNI2574923
Systems Affected: Some systems
Operational Impact: Internet access severed
Incident : Data Breach UNI002032125
Data Compromised: Personal information, Medical records, Private photographs
Legal Liabilities: Indictment on charges of hacking
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Medical Records, Private Photographs and .
Which entities were affected by each incident ?
Incident : Cyberattack UNI2574923
Entity Name: University of Michigan
Entity Type: Educational Institution
Industry: Education
Location: Michigan, USA
Incident : Data Breach UNI002032125
Entity Name: University of Michigan
Entity Type: University
Industry: Education
Location: United States
Customers Affected: 150000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyberattack UNI2574923
Containment Measures: Severed internet tiesCut off access to some systems
Recovery Measures: Regained access to some systems
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UNI002032125
Type of Data Compromised: Personal information, Medical records, Private photographs
Number of Records Exposed: 150000
Sensitivity of Data: High
Data Encryption: Yes, but cracked
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by severed internet ties, cut off access to some systems and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Regained access to some systems, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach UNI002032125
Legal Actions: Indictment on charges of hacking
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Indictment on charges of hacking.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UNI002032125
Entry Point: Student athlete databases
High Value Targets: Female athletes
Data Sold on Dark Web: Female athletes
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach UNI002032125
Root Causes: Weaknesses in university authentication processes
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Matthew Weiss.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal information, Medical records, Private photographs and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Severed internet tiesCut off access to some systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Medical records, Private photographs and Personal information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 150.0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Indictment on charges of hacking.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Student athlete databases.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=university-of-michigan' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
