Third-party data breach impacts WSU community

Several third-party vendors have notified the university of a cybersecurity incident that may have exposed personally identifiable information of current and prospective students as well as employees.

At issue is the popular filesharing application MOVEit Transfer used by businesses and organizations worldwide. WSU does not use the MOVEit software, though several third-party service providers do and have contacted the university about the potential exposure of personally identifiable information.

The university has set up a website with more information on the incident, which it will update as more details become available.

Among the vendors that have contacted WSU are the National Student Clearinghouse, NSC, and the Teachers Insurance and Annuity Association, TIAA.

WSU contracts with NSC on a number of endeavors, including enrollment and degree verification services as well as student loan reporting requirements. Personally identifiable information and student education records are provided to NSC as part of this work.

Additional details about the incident are available on NSC’s website.

TIAA offers financial services to employees working in academic, research, medical, government and cultural fields. WSU provides the names, addresses, dates of birth and social security numbers of employees who use TIAA’s services. Data transferred from WSU to TIAA was not compromised as part of the incident, though the organization has indicated that Pension Benefit Information, LLC, one of its vendors, has been impacted.

The university expects NSC and Pension Benefit Information, LLC, will contact impacted individuals directly as required by law.

But in the meantime, any members of the WSU community who believe their personal information has been compromised are advised to follow the recommendations of the Federal Trade Commission:

  • Closely monitor your credit reports.
    • You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.
  • Place a fraud alert on your accounts.
    • A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
  • Freeze your credit at each of the three major credit reporting agencies.
  • If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at
  • Block electronic access to your Social Security information.
    • Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.

Next Story

Faculty, AP staff to receive 2% salary increases

Funding for a 1.6% increase was provided by the Washington Legislature, with WSU contributing additional resources to round up the pay boost for thousands of employees across the university system.

Recent News

Brad Corbin named to NCAA Division I Council

The National Collegiate Athletic Association recently appointed Corbin, deputy director of athletics, to the council for a four‑year term.

New spring wheat variety named for pioneering Black family

Bush soft white spring wheat honors settler George Bush and his family who helped indigenous populations battle disease and saved fellow settlers during the 1852 famine.

Robotic gripper for automated apple picking developed

A robotic gripper developed by WSU researchers was able to successfully grab more than 87.5% of the apples in an orchard without damaging the fruit.