Washington State University community members impacted by MOVEit related breach

The Washington State University (WSU) reports that their community members have been affected by a data breach that occurred through third-party vendors.

These vendors have informed the university about a cybersecurity incident that potentially exposed the personally identifiable information of both current and prospective students, as well as employees. The incident revolves around a widely used file-sharing application called MOVEit Transfer, which is employed by various businesses and organizations globally.

Although WSU itself does not use this software, several third-party service providers do, and they have reached out to the university regarding the potential exposure of sensitive information.

To address the situation, the university has established a dedicated website that will be regularly updated with additional information as more details become available.

The number of affected individuals nor the exposed information is not publicly shared.

Among the vendors that have contacted WSU are the National Student Clearinghouse, NSC, and the Teachers Insurance and Annuity Association, TIAA.

WSU contracts with NSC on a number of endeavors, including enrollment and degree verification services as well as student loan reporting requirements. Personally identifiable information and education records are provided to NSC as part of this work.

TIAA offers financial services to employees working in academic, research, medical, government and cultural fields. WSU provides the names, addresses, dates of birth and social security numbers of employees who use TIAA’s services. 

The university expects NSC and Pension Benefit Information, LLC, will contact impacted individuals directly as required by law.