Updated September 1, 2023
Peninsula College (PC) has received more information about the number of students, employees and retirees whose personally identifiable information may have been exposed by a third-party cybersecurity incident. Earlier this summer, the popular filesharing application MOVEit Transfer used by hundreds of businesses and organizations worldwide was impacted by a cybersecurity incident. The College does not use the MOVEit software, though two of the college’s vendors do: NSC and TIAA.
For the National Student Clearinghouse (NSC) MoveIt incident, PC had one student impacted. That student has been notified by the College and NSC. NSC is offering to provide two years of free credit monitoring services for this student.
The State Board for Community and Technical Colleges (SBCTC) – the governing state agency that oversees all 34 colleges across the state – is coordinating the response for employees and retirees who may have been impacted if their personally identifiable information was potentially exposed by PBI, a third-party vendor to Teachers Insurance and Annuity Association (TIAA). The SBCTC notified 12,400 employees and retirees across the state’s college system; PBI is offering to provide two years of free credit monitoring services to these individuals.
Last month when the College was notified of this cybersecurity incident, it formed a robust staff and President-led taskforce that worked closely with the state’ attorneys general office. They reached out to NSC to gain assurance students’ needs would be met. They researched TIAA’s role, and determined the College was two steps removed from the incident through PBI and the SBCTC would be taking the lead. They informed the college and community with the information on hand.
The college contracts with NSC on a number of endeavors, including enrollment, transcript ordering and degree verification services as well as student loan reporting requirements. The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. Personally identifiable information and student education records are provided to NSC as part of this work.
TIAA offers financial services to employees across the country working in academic, research, medical, government and cultural fields. Peninsula College provides TIAA with personally identifiable information of employees who use TIAA’s services. Data transferred from PC to TIAA was not compromised as part of the incident, though the organization has indicated that Pension Benefit Information, LLC, one of its vendors, has been impacted.
The safety and security of students, staff, and faculty is the college’s top priority, and it remains committed to thoroughly assessing any potential impacts. This cyber breach did not impact Peninsula College's network or internal systems.
In light of this incident, the Peninsula College community should remain vigilant and continue monitoring their personal information closely. Cybersecurity incidents like this have affected numerous organizations nationwide, highlighting the importance of staying informed and proactive in safeguarding personal data and to promptly report any unusual activities. There are steps to help safeguard and help protect identity: Obtain a free annual credit report from each major credit reporting company, namely Experian, Equifax, and TransUnion. In case of any concerns regarding identity theft, people may also wish to consider contacting the Federal Trade Commission through their website at https://www.ftc.gov/ or https://consumer.ftc.gov/features/identity-theft. These proactive measures can help safeguard personal information and financial well-being.
Updated July 18, 2023
According to national news media reports, many businesses and organizations worldwide have been impacted by a cybersecurity incident related to a widely used filesharing application known as MOVEit Transfer.
While Peninsula College does not use the MOVEit software, PC has received notifications from two of its vendors that personally identifiable information from some current PC students and employees may have been exposed.
The vendors who have contacted PC are the National Student Clearinghouse (NSC), and the Teachers Insurance and Annuity Association (TIAA).
National Student Clearinghouse
The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. PC works with the clearinghouse for a variety of purposes including enrollment and degree verification services and student loan reporting requirements. Data provided to the National Student Clearinghouse includes personally identifiable information and education records.
The National Student Clearinghouse has posted details about this incident on its website.
Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that offers investment and insurance services to employees across the country working in the academic, research, medical, governmental, and cultural fields. Peninsula College provides the names, addresses, gender, dates of birth and social security numbers of employees who use TIAA’s services. Data transferred from PC to TIAA was not compromised as part of the incident, though the organization has indicated that Pension Benefit Information, LLC, one of its vendors, has been impacted.
For more information contact TIAA's National Contact Center 1-800-842-2252.
What steps can I take to protect myself?
The Federal Trade Commission offers recommendations if you think your personal information has been compromised. These include:
Closely monitor your credit reports.
- You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.
Place a fraud alert on your accounts.
- A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
Freeze your credit at each of the three major credit reporting agencies.
If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov.
Block electronic access to your Social Security information.
Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.
Moving forward
PBI will send affected individuals a letter by mail in the coming weeks offering free credit monitoring for two years at no cost to them.
Peninsula College will continue to update this webpage as new information becomes available from the service providers.