Information Security's mission is to defend the institution's data, systems, infrastructure, and users from cybersecurity threats.
MOVEit Global Security Alert
Any new information regarding the impacts of the MOVEit vulnerability will be posted here.
I am writing to draw your attention to an ongoing cybersecurity event that could impact the University of Northern Colorado community. Over 200 companies have confirmed that their systems have been impacted by a vulnerability in a file transfer platform (MOVEit). The affected businesses are reporting incidents of data theft and ransomware attacks.
The University of Northern Colorado does not use MOVEit and none of our internal systems were breached , but a few of our business or regulatory partners that use the MOVEit platform have reported being impacted. The National Student Clearinghouse and TIAA have informed us that their systems may have been affected.
Individuals are unlikely at this time to know whether their personal data were impacted. To take proactive steps to protect your identity, learn more about actions you can take: https://www.identitytheft.gov/databreach.
National Student Clearinghouse and TIAA have provided us with the following information regarding the incident:
National Student Clearinghouse: provides educational reporting and research services to many higher education institutions and utilizes the MOVEit Transfer software. For updates and general information, visit the National Student Clearinghouse website.
TIAA: one of our retirement plan recordkeepers, uses Pension Benefit Information, LLC (“PBI”) to assist TIAA in death claim and beneficiary processes. PBI used the MOVEit Transfer software, and TIAA has indicated that some UNC participant data was accessed in the cyberattack against PBI. For updates and general information, visit the PBI website.
These partners have not been able to provide UNC with a list of individuals who may be impacted as their investigations are ongoing. UNC is in regular contact with each of our partners, and we are monitoring updates through our cybersecurity intelligence networks, including CISA, the FBI, and the Department of Homeland Security.
CISO Note: I think the most likely impact from this global event is an increase in incidents of identity theft. I have reviewed and updated one of our advice articles on how to prevent Identity Theft. https://www.unco.edu/cybersecurity/faculty-and-staff-resources/identity-theft.aspx