Blocs

Blocs

National Data Breach Concerning TIAA and National Student Clearinghouse

To:    Temple University Students, Faculty and Staff
From:    Larry Brandolph, Vice President for IT and University Privacy Officer
Subject:    National Data Breach Concerning TIAA and National Student Clearinghouse
Date:    July 12, 2023

Temple University's Information Technology Services (ITS) is currently gathering additional details from National Student Clearinghouse (NSC) and TIAA regarding a recent security breach involving the MOVEit Transfer tool and its impact on our community.

Over the past few weeks, both NSC and TIAA, two service providers of the university, have notified us about a data breach related to the MOVEit Transfer tool. It is important to note that Temple University does not use the MOVEit Transfer tool and is not responsible for this breach.

This breach has potentially affected the personal information and data of some individuals within our community, joining millions of others across the nation. NSC and TIAA have assured us that anyone in our community who is affected will receive direct and formal notification, including information about the necessary steps to take and the appropriate contacts for any inquiries. It's worth considering that the data in question may have been provided by another institution utilizing NSC or TIAA services, so you might receive multiple notifications if you are impacted.

To ensure your safety, we recommend taking precautionary measures to protect yourself from data breaches, regardless of whether your data was compromised in this incident. Here are some steps you can take:

1. Regularly review your financial accounts and familiarize yourself with the "warning signs of identity theft" provided by the FTC.

2. Monitor your credit report through annualcreditreport.com.

3. Consider placing a credit freeze on your credit report with the three major credit reporting agencies: Equifax, Experian, and TransUnion.

4. Students should consider enrolling in an identity theft protection service, such as TrueIdentity from TransUnion.


Regarding NSC, they offer compliance reporting, data exchange, verification, and research services to numerous higher education institutions. For more information, you can visit their website.

As for TIAA, they provide investment and insurance services for employees in nonprofit organizations across various sectors, including academia, research, medicine, government, and culture. TIAA has informed us that the incident involves PBI, a vendor they use for verifying death notices, and that PBI utilizes the MOVEit Transfer tool. Temple employees have already started to receive email notifications this week.

The ITS team is actively leading the assessment and monitoring of the situation. We will continue to provide further communication via the ITS Security Incident Response and Investigation webpage as new information becomes available.