University provides important information for potentially affected students, employees to protect personal information
EAST LANSING, Mich. – Third-party service providers National Student Clearinghouse, or NSC, and TIAA recently informed Michigan State University that they were affected by a data breach resulting in the potential exposure of MSU community members’ personal data.
The cybersecurity vulnerability involved the MOVEit software, a cloud-based program used to support transferring of data files. Breach of the MOVEit platform has affected millions across the globe.
Importantly, at this time no MSU-owned or operated systems have been compromised by this incident. It is currently unknown, however, if this breach resulted in the unauthorized access of personal information for any members of the MSU community. The university is sharing this information with students and retirees for awareness as well as providing strategies to help them better protect their personal information.
NSC and TIAA have notified MSU that they will provide a list of any students or retirees whose information may have been exposed as a result of this incident. NSC is planning to have this information within the next few weeks. Any affected individuals will be separately and individually notified of the nature of such exposure and both organizations have shared they will provide additional monitoring services to impacted individuals.
“While we know there was no breach to Michigan State University’s networks or systems, this compromise of a third-party organization is concerning and compels us to notify our community and provide ways in which they can protect their information,” said MSU Executive Vice President for Administration and Chief Information Officer Melissa Woo. “While events like these are out of our control, they remind us of the importance of practicing good cybersecurity habits.”
MSU information technology and security experts recommended employees, students and the public to take the following actions to best protect themselves during a breach:
- Be aware of the possibility of phishing emails;
- Create effective passwords;
- Use multifactor authentication on devices and accounts whenever possible (this is already required for most MSU logins);
- Do not maintain data and files that are not needed; and
- Pull a free credit report annually. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting annualcreditreport.com or by calling toll-free 877-322-8228.
Woo assured the community that the university is closely watching this situation and will share additional information with the community as it becomes available.
NSC has established a webpage to keep students potentially impacted informed on its actions. TIAA’s partner, Pension Benefit Information, LLC, has established a similar webpage for retirees to stay informed about any updates regarding this incident.