The latest victims of the global cybersecurity incident that resulted from the MOVEit file transfer software hack are the students and faculty of colleges in Idaho
The affected schools were maintained by the National Student Clearinghouse (NSC) and the Teachers InsuranceAnnuity Association of America (TIAA). The NSC has already contacted 7 schools, informing them that sensitive information, including identifiable information about students in school, has been found.
The affected colleges include:
- North IdahoCollege
- Lewis-Clark State College
- The University of Idaho
- College of Western Idaho
- Boise State University
- College of Southern Idaho
- and Idaho StateUniversity
The MOVEit file transfer service has been considered a global cybersecurity incident, targeting international companies and even provincial governments like Nova Scotia. Because sensitive personal information is carried through MOVEit, when hackers were able to find vulnerabilities in the software, they became privy to the information stored in files being transferred with MOVEit.
In this case, MOVEit was being used to transmit enrollment and degree data to various institutions and by the TIAA for managing retirement account information.
“No systems managed by OSBE or Idaho’s public higher education institutions have been compromised,” says the release by the Idaho State Board of Education.
In response, the NSC is providing information for anyone who may have been affected by the breach through https://alert.studentclearinghouse.org/. They recommend students check the website frequently, to make sure their information hasn’t been stolen.
Since none of the main systems were compromised, students or faculty members who had their information exposed (including first and last name, address, date of birth, and Social Security Number) don’t have to take direct action. In addition, those affected are being offered 2 years of free credit monitoring.
“The NSC believes that its systems have since been secured against further intrusion.TIAAsays the MOVEitTransfervulnerabilityhas not affected the company’s internal systems, and no information was obtained from TIAA’ssystems, concludes the report.