WWU monitoring nationwide MOVEIt data breach
Earlier in July, several institutions of higher education, banks and other organizations nationwide experienced a cyberattack involving multiple third-party service providers. The attack targeted organizations who were using software called "MOVEit" which is a common data transfer tool. Attackers took advantage of a vulnerability in this software before the developer could provide patches.
As of July 25, the third-party service providers who have contacted Western about the potential data compromise include the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA). The National Student Clearing House has posted more information about the incident on its website: alert.studentclearinghouse.org/
WWU officials are gathering specific information regarding the incident for each service provider affected, including whether any of our community members’ data has been impacted.
Ongoing updates about this incident will be posted on this news page (news.wwu.edu/nationaldatabreach) as information becomes available.
It's important to note that WWU’s own systems were not breached in this incident, but out of an abundance of caution, the university is informing the WWU community about the situation and sharing recommended steps to take to keep accounts and personal data secure:
Thoroughly scrutinize any notifications you receive that solicit or require personal information and data.
Verify the legitimacy of all notifications, emails, texts, links that you may receive. If unsure, first conduct an online search for the sender and call their customer service to confirm.
If you hold any accounts with any of the vendors affected by this attack, ask them if they offer credit monitoring services.
Keep a close eye on your credit reports for any suspicious activities. Obtain free copies of credit reports from services like Equifax, Experian, and TransUnion or check if your financial institution provides this service at no cost.
As always, exercise caution when receiving requests for personal data and promptly report any suspicious or phishing messages to your organization's appropriate IT authorities.
The Federal Trade Commission offers further advice on what to do if you think your personal data has been compromised.