Several third-party vendors have notified the university of a cybersecurity incident that may have exposed personally identifiable information of current and prospective students as well as employees.
At issue is the popular filesharing application MOVEit Transfer used by businesses and organizations worldwide. WSU does not use the MOVEit software, though several third-party service providers do and have contacted the university about the potential exposure of personally identifiable information.
The university has set up a website with more information on the incident, which it will update as more details become available.
Among the vendors that have contacted WSU are the National Student Clearinghouse, NSC, and the Teachers Insurance and Annuity Association, TIAA.
WSU contracts with NSC on a number of endeavors, including enrollment and degree verification services as well as student loan reporting requirements. Personally identifiable information and student education records are provided to NSC as part of this work.
Additional details about the incident are available on NSC’s website.
TIAA offers financial services to employees working in academic, research, medical, government and cultural fields. WSU provides the names, addresses, dates of birth and social security numbers of employees who use TIAA’s services. Data transferred from WSU to TIAA was not compromised as part of the incident, though the organization has indicated that Pension Benefit Information, LLC, one of its vendors, has been impacted.
The university expects NSC and Pension Benefit Information, LLC, will contact impacted individuals directly as required by law.
But in the meantime, any members of the WSU community who believe their personal information has been compromised are advised to follow the recommendations of the Federal Trade Commission:
- Closely monitor your credit reports.
- You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.
- Place a fraud alert on your accounts.
- A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
- Freeze your credit at each of the three major credit reporting agencies.
- If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov.
- Block electronic access to your Social Security information.
- Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.
