MOVEit Breach Exposes The Information Of Idaho College Students, Employee

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

The latest victims of the global cybersecurity incident that resulted from the MOVEit file transfer software hack are the students and faculty of colleges in Idaho

The affected schools were maintained by the National Student Clearinghouse (NSC) and the Teachers InsuranceAnnuity Association of America (TIAA). The NSC has already contacted 7 schools, informing them that sensitive information, including identifiable information about students in school, has been found.

The affected colleges include:

  • North IdahoCollege
  • Lewis-Clark State College
  • The University of Idaho
  • College of Western Idaho
  • Boise State University
  • College of Southern Idaho
  • and Idaho StateUniversity

The MOVEit file transfer service has been considered a global cybersecurity incident, targeting international companies and even provincial governments like Nova Scotia. Because sensitive personal information is carried through MOVEit, when hackers were able to find vulnerabilities in the software, they became privy to the information stored in files being transferred with MOVEit.

In this case, MOVEit was being used to transmit enrollment and degree data to various institutions and by the TIAA for managing retirement account information.

“No systems managed by OSBE or Idaho’s public higher education institutions have been compromised,” says the release by the Idaho State Board of Education.

In response, the NSC is providing information for anyone who may have been affected by the breach through https://alert.studentclearinghouse.org/. They recommend students check the website frequently, to make sure their information hasn’t been stolen.

Since none of the main systems were compromised, students or faculty members who had their information exposed (including first and last name, address, date of birth, and Social Security Number) don’t have to take direct action. In addition, those affected are being offered 2 years of free credit monitoring.

“The NSC believes that its systems have since been secured against further intrusion.TIAAsays the MOVEitTransfervulnerabilityhas not affected the company’s internal systems, and no information was obtained from TIAA’ssystems, concludes the report.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."