(The Center Square) – A data breach may have exposed the personal information of Washington State University students and employees, according to WSU Insider.
Service providers including the National Student Clearinghouse, United Healthcare and the Teachers Insurance and Annuity Association told the university personal information may have been unveiled as part of the mass hacks exploiting a security flaw in the MOVEit file transfer tool.
WSU uses the NSC for enrollment, degree verification and student loan reporting services, according to WSU. The possible exposure includes personally identifiable information and education records.
“We have notified the organizations whose data we have identified as affected,” the NSC said on its website. “We also are coordinating with law enforcement.”
United Healthcare offers health insurance to WSU students, according to WSU. The company told the school hackers accessed personally identifiable information, as well as claims information for some of its student customers.
The TIAA offers investment and insurance services, and WSU gave the group names, addresses, birthdays and Social Security numbers for participating employees. The breach did not affect data from WSU to TIAA, but hackers likely accessed data shared with one of TIAA’s outside vendors.
The breach of the MOVEit file-transfer program, discovered in May, is estimated by cybersecurity experts to have compromised hundreds of organizations globally, including data held by state and federal agencies in the U.S.
Anyone who believes they are a victim of identity theft should file a police report and inform the Federal Trade Commission. Potential victims of the data breach should follow FTC guidelines of monitoring credit reports, setting a fraud alert on accounts, freezing credit to keep sensitive data from being accessed without specific consent and blocking access to Social Security information.
