Information Regarding the MOVEit data breaches

Body

WesternU has been notified by two of our service providers, National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association (TIAA), that certain personally identifiable information (PII) and data of some members of our community may have been impacted by the MOVEit Transfer tool data breach. This breach has affected hundreds of organizations handling the data of millions of people across the country. MOVEit is a widely used file transfer software tool that was susceptible to a zero-day vulnerability and exploited by an unauthorized party to gain access to the files transferred using the tool.

WesternU does not use the MOVEit software and WesternU’s computing systems were not affected by this breach. However, some members of the WesternU community may receive notices from third parties including TIAA, NSC, and possibly other organizations affected by the vulnerability. NSC and TIAA have informed WesternU that notices will be sent to those affected by the breach. Since this vulnerability affected many organizations, you may receive notices from other organizations or multiple notices regarding the same breach.

WesternU has been in contact with both TIAA and NSC since the initial notices were received and we continue to evaluate the situation. Updates will be posted to this page as they become available.

National Student Clearing House

NSC provides educational reporting and verification services to many higher education institutions, including WesternU. In connection with such services, WesternU shares information on WesternU students, including student social security numbers, but does not include any financial information. NSC has posted information about this incident to the NSC website.

TIAA

TIAA is a financial organization that acts as a fund sponsor under WesternU’s 403(b) contribution plan. TIAA has informed WesternU that certain personal information of participants in the plan, including social security numbers, was exposed in the MOVEit data breach. TIAA’s third-party vendor, Pension Benefit Information, LLC (PBI), which uses the MOVEit Software in providing services to TIAA, was directly affected by the data breach. TIAA has indicated that PBI will send the data breach notice on behalf of TIAA to affected persons. Information for safeguarding your TIAA account can be found at the TIAA Security Center.

Protecting Personal Information

Members of the WesternU community are encouraged to use tools to protect personal information and identify identity theft.

Details

Details

Article ID: 152843
Created
Tue 7/11/23 11:02 PM
Modified
Thu 7/13/23 8:57 AM