Drake University students, alumni exposed by MOVEit related data breach
Learn More
Drake University is reporting a data breach that could affect its students and staff, involving two of its service providers, namely the National Student Clearinghouse and the Teachers Insurance and Annuity Association. The breach was linked to a vulnerability in the MOVEit Transfer software and was confirmed to have been exploited by an unknown party.
The delay in sharing information about this breach was due to the complex chain of communication involved. Drake University was a customer of a company whose vendor had experienced the breach, which required information to pass through multiple layers of review and approval before it could be shared with affected schools.
Both the National Student Clearinghouse and the Teachers Insurance and Annuity Association issued security alerts, indicating that this breach had impacted at least 1,000 different schools across the country. Those directly affected were likely individuals who had used the services of these providers in recent months to request academic transcripts.
Personal information potentially compromised in the breach includes
- names,
- dates of birth,
- academic transcripts
of current and former students.
All affected students and alumni will receive direct notifications via postal mail.
According to the National Student Clearinghouse, it's believed that no more than five current or former Drake students were affected by the breach. However, the Teachers Insurance and Annuity Association estimates a higher number, closer to 640 current or former Drake students on their end.
Fortunately, there's no evidence to suggest that the unauthorized party obtained other sensitive information such as social security numbers or addresses from the student database, as confirmed by Cameron Wright, a media representative for NSC.
The investigation is ongoing, with Drake University in contact with law enforcement and having hired a third-party investigator. Security updates have been applied to the software to prevent a recurrence, and continuous system monitoring is in place.
