Cybersecurity Advisory
07/21/23
We have been informed by our third-party vendors, the National Student Clearinghouse and the Teachers Insurance and Annuity Association (TIAA), that a cybersecurity incident involving a third-party software tool (MOVEit) may have exposed personally identifiable information of current and prior students and employees.
At issue is the file-sharing application MOVEit Transfer used by businesses and organizations worldwide. It is important to note that Edmonds College does not use the MOVEit software, though these third-party service providers do.
At this time, we do not know if any of our data was part of the breach. The State Board for Community and Technical Colleges has advised us that ctcLink has not been affected, as this incident is localized to the third-party vendors.
National Student Clearinghouse
The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. Edmonds College works with the clearinghouse for a variety of purposes including enrollment and degree verification services and student loan reporting requirements. Data provided to the National Student Clearinghouse includes personally identifiable information and education records.
The National Student Clearinghouse has posted details about this incident on its website.
Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. Edmonds College provides names, addresses, dates of birth, and social security numbers for those employees who choose to participate in TIAA services. Further inquiry can also be directed to: TIAA’s National Contact Center 800-842-2252. TIAA’s Security Center at https://www.tiaa.org/public/support/security-center
What does this mean for you?
At this point, the college has not been made aware of any specific breach of data related to our students or employees. However, if you are concerned or have reason to believe that your personal information has been compromised, please follow the recommendations of the Federal Trade Commission:
- Closely monitor your credit reports.
- You can obtain a free copy of your credit report from each of the three major credit reporting agencies: Equifax, Experian, and TransUnion.
- Consider freezing your credit at each of the three major credit reporting agencies.
- Place a fraud alert on your accounts.
- A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the credit reporting agencies will automatically notify the other two credit reporting agencies.
- If you believe you are the victim of any identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov.
- Block electronic access to your Social Security information.
- Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.
Details will be posted on our website as more information becomes available.