Idaho higher education institutions exposed in MOVEit data breach

The Office of the Idaho State Board of Education (OSBE) announced that the MOVEit vulnerability data breach has compromised personally identifiable information of students at multiple Idaho public colleges and universities.

MOVEit Transfer software, was used by the National Student Clearinghouse (NSC) and Teachers Insurance Annuity Association of America (TIAA).

• NSC has notified multiple Idaho educational institutions, including the University of Idaho, Idaho State University, Boise State University, the College of Western Idaho, the College of Southern Idaho, North Idaho College, and Lewis-Clark State College, that some students' information has been compromised.
• TIAA, one of the companies administering the SBOE's optional retirement plans for institutional faculty and staff, informed the OSBE that personal information of some employees may have been compromised.

The OSBE clarifies that none of its managed systems or Idaho's public colleges or universities have been compromised.

Students are advised to regularly check the NSC website for further updates. TIAA will be sending affected individuals letters by mail, offering free credit monitoring for two years. The NSC is working with law enforcement, implementing security patches, and maintaining updated software and systems.