As an MSU grad, I feel like they handled this well. As anyone who reads Brian Krebs' site can tell you, a lot of companies have waited months to make similar announcements. It took them a week. Two years of protection is generous as well—usually it's a year in such breaches.
"The affected database contained records for all faculty, staff and students who were employed by the university between 1970 and Nov. 13, and all students who attended the university between 1991 and 2016."
I bristle a little at "handled this well". All they've done so far is disclose the basics. Great. But the breach covers just about every employee (student employees included) for the past 46 years plus all students since 1991. I'll defer judgement on how well they handle it. Mean time, credit monitoring; oh joy.
How is who your employer was private? I would never expect that to be confidential nor upset if it became public. Surprised, yes, but what's the harm? Your workmates all knew you worked there and could have tattled on you.
And I say that not being a rah-rah alum, either.