Skip to main content

Data Breach

Worldwide MOVEit data breach may affect some Boise State students and employees

Boise State University has been notified by the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association of America (TIAA) of a worldwide data breach through MOVEit transfer, a third-party file transfer software they each utilize. The list of organizations globally that are affected by the data breach is growing each day.

No systems managed by Boise State have been compromised, so students and employees do not need to take any actions to protect their campus-held data. NSC and TIAA are still determining how their systems were affected. But because this breach is so large, we believe some students and employees will receive letters in the mail advising that information you shared with Boise State and our vendors may have been compromised. Boise State is sharing the following information.

Information for students

The NSC serves as a data collaborative for the education community. It is authorized by higher education institutions nationwide to provide enrollment, degree data and transcripts. Boise State was notified that personally identifiable information about some students was compromised as a result of the worldwide data breach.

Boise State is working with the Idaho State Board of Education to monitor the situation and will support NSC’s efforts regarding notification to impacted students as information becomes available.

NSC is providing more information about its response and the data breach at alert.studentclearinghouse.org.

Students are encouraged to monitor the website regularly for further information from the vendor.

Information for employees

TIAA has indicated that Pension Benefit Information LLC, a vendor with which it shares information, has been impacted by the MOVEit worldwide data breach. Boise State is working with the Idaho State Board of Education to monitor the situation and will support TIAA’s efforts regarding notification to impacted employees as information becomes available. Employees affected by the data breach will be notified by TIAA directly by mail.

For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center or contact TIAA directly at 800-842-2252 or via email at abuse@tiaa.org.

How students and employees can protect themselves

Boise State encourages students and employees to take steps to protect themselves from potential identity theft. We want you to know what to do if you receive a notification.

  • Read the notification carefully to make sure it is legitimate, and understand what data was potentially compromised. Most notifications are sent in the mail and are addressed directly to the person impacted. If you’re unsure whether a letter you receive is legitimate, search for the company online, and call their customer service phone number to verify.
  • Consider taking advantage of any credit monitoring services they may provide. If sensitive information has been exposed, credit monitoring can be an important tool to safeguard your identity.
  • Consider updating important passwords and turn on multi-factor authentication (MFA) where available. Recently updated passwords together with MFA are an important defense in a digital world.
  • The Federal Trade Commission also provides helpful information about how to project yourself against identity theft on their website.