Colorado State University reports data breach caused by MOVEit vulnerability
Learn More
Colorado State University (CSU) has confirmed that sensitive personal information of current and former students and employees has been stolen in a data breach. The breach occurred during the recent MOVEit Transfer vulnerability attacks.
On July 12th, 2023, CSU notified its students and staff about the breach. The extent and impact of the data breach are still being assessed
CSU warned that the stolen data includes personally identifiable information of prospective, current, and former students, as well as current and former employees.
The compromised information may include
- first names, middle initials,
- last names,
- dates of birth,
- student or employee identification numbers,
- social security numbers,
- demographic details such as gender, ethnicity,
- level and area of education.
The breached data is believed to date as far back as 2021 or even earlier, potentially impacting graduates as well.
CSU clarified that the data leak resulted from a compromise of the university's service vendors, namely TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife, and The Hartford. These vendors utilized the MOVEit Transfer security file transfer platform, which was breached in a series of data-theft attacks in May 2023.
These vendor entities provide services to numerous universities across the United States, suggesting that similar disclosures from other educational institutes may be forthcoming.
CSU plans to send individual notification letters to those impacted, providing additional resources and guidance for protection.
