The University of Illinois system learned in June that personal information of some of its past and present students was exposed in a May 31 global cyberattack. Emails went out July 3 to students, faculty and staff.
It is unknown how many students’ information was compromised at the National; Student Clearinghouse, where higher education data on students is kept and exchanged, said Joe Barnes, chief digital risk officer at the U of I system. The global May 31 attack of a file-transfer system also hit about 390,000 state of Illinois employees.
“The National Student Clearinghouse in early June notified the many higher education institutions that use NSC that it had been impacted by the MOVEit breach and that it was investigating,” said Barnes in a message to NPR Illinois.
“On June 26, the U of I System received notification from NSC that some U of I System students were in the scope of the breach, but NSC did not provide information on which students or what data was breached. NSC’s investigation is ongoing.”
A nonprofit and nongovernmental organization, NSC provides reporting, data exchange, verification and research services.
A vulnerability in MOVEit, a software product that assists in transferring data files, was found and NSC and other users shut down the access and applied additional security measures, according to the message to students and employees.
“While there is no indication at this time that any compromised information has been used fraudulently, NSC is continuing to investigate and will send a notice directly to the individuals whose data was accessed,” wrote Barnes and Nicholas P. Jones, executive vice president and vice president of academic affairs, wrote in the email. “We will advocate for that notification to take place as soon as possible.”
NSC reports that it has no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications.
“The system will continue to monitor this matter and provide additional updates to those affected,” the email said. “We understand that these types of situations may be stressful for the individuals involved. We will continue to monitor the developing events, to work with other institutions and to follow up with additional communications as soon as possible.
To help manage the risk of identity theft, the system recommends that you use your right to a free annual credit report from each of the major credit reporting companies Experian, Equifax or TransUnion.
You may also wish to consider contacting the Federal Trade Commission:
Phone: 1-202-326-2222
Web: https://www.ftc.gov or https://www.consumer.ftc.gov/features/feature-0014-identity-theft
