Two vendors have notified Peninsula College of a cybersecurity incident that may have exposed personally identifiable information of current students as well as employees.
At issue is the popular filesharing application MOVEit Transfer used by hundreds of businesses and organizations worldwide. PC does not use the MOVEit software, though two of the college’s vendors do and have contacted the college about the potential exposure of personally identifiable information.
The college has set up a website with more information on the incident, which will be updated as more details become available.
The two vendors that have contacted Peninsula College are the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA).
PC contracts with NSC on a number of endeavors, including enrollment and degree verification services as well as student loan reporting requirements. The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. Personally identifiable information and student education records are provided to NSC as part of this work.
Additional details about the incident are available on NSC’s website.
TIAA offers financial services to employees across the country working in academic, research, medical, government and cultural fields. Peninsula College provides TIAA with personally identifiable information of employees who use TIAA’s services. Data transferred from PC to TIAA was not compromised as part of the incident, though the organization has indicated that Pension Benefit Information, LLC, one of its vendors, has been impacted.
For more information contact TIAA's National Contact Center 1-800-842-2252.
The college expects NSC and Pension Benefit Information, LLC, will contact impacted individuals directly, as required by law. The timeline of that notification is unknown.
Peninsula College is sending this message to inform students and employees so they can take steps to keep their identity as secure as possible. Any members of the PC community who believe their personal information may have been compromised are advised to follow the recommendations of the Federal Trade Commission:
Closely monitor your credit reports.
- You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.
Place a fraud alert on your accounts.
- A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
Freeze your credit at each of the three major credit reporting agencies.
If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at identitytheft.gov.
Block electronic access to your Social Security information.
- Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.
PBI will send affected individuals a letter by mail in the coming weeks offering free credit monitoring for two years at no cost to them.