University of Utah reports being impacted by MOVEit Vendor Data Breach

The University of Utah is currently monitoring three separate data breaches connected to MOVEit Transfer, a file transfer software utilized by third-party contractors. These breaches have affected different sectors within the university, including U Advancement, Human Resources, and student records managed by the University Registrar through the National Student Clearinghouse.

1. In the U Advancement breach, which was reported on June 29, a third-party vendor discovered a security breach involving donor records, impacting approximately 30 planned/legacy giving donors. Personal information, including names, birthdates, and Social Security numbers, was exposed. The impacted donors have been notified, and the vendor is offering two years of free credit monitoring to the affected individuals. No fraudulent activity has been reported thus far.
2. On July 7, TIAA informed University Human Resources that data of over 13,800 current and former employees, such as dates of birth and Social Security numbers, may have been exposed. Human Resources is collaborating with TIAA to investigate the incident and will communicate with the affected employees as more details emerge. The individuals impacted will also receive direct information from TIAA and their vendor partner.
3. The University Registrar is currently working with its third-party vendor to determine the extent of the impact on student records. Other educational institutions in Utah, including state colleges, universities, and the Utah System of Higher Education, are also assessing the breach. The USHE student notice provides additional information.

As the investigation progresses, updates regarding these data breaches will be provided.