Cybersecurity Incident Involving TIAA and the National Student Clearinghouse

Dear Centre College Students, Faculty, and Staff,

As you have likely read or heard about in the national news, many organizations around the world have been affected by a cybersecurity event involving a software program called MOVEit. 

Centre College does not use the MOVEit software. However, we have been notified by the third-party service providers listed below that personally identifiable information, which Centre shares with the listed providers for standard administrative purposes, may have been exposed due to the use of the MOVEit software by the providers and their partners. 

Centre’s Information Technology Services (ITS) is actively monitoring this situation. We are currently working with our service providers to determine the extent of the potential exposures and we will provide additional information and guidance to our Centre College community as soon as we understand.

The following third-party service providers have notified us that data pertaining to Centre College students, faculty, and staff may have been exposed as a result of exploitation of the MOVEit software:

National Student Clearinghouse (NSC)
NSC provides educational reporting, data exchange, verification, and research services to many higher education institutions. Centre shares student information with NSC.

Status: NSC believes it is likely that some subset of Centre College data was included in the exposure.  We have no confirmation at this time of the specific users or user data involved.

Information from the Service Provider: NSC has posted information about this incident to the NSC website, including answers to questions. General information about NSC’s published data privacy and security practices can be found on the NSC website. NSC will contact you directly if your data is at risk.

The Teachers Insurance and Annuity Association (TIAA)
TIAA is a large financial organization that provides investment and insurance services to millions of people and thousands of institutions in the nonprofit industry in academic, research, medical, government, and cultural fields.  Centre shares employee information with TIAA.

Status: TIAA has confirmed that a subset of Centre College data was included, primarily former employees, in the exposure.  TIAA, through its vendor, PBI, will be sending a notice and further information to participants whose data has been exposed.

Information from the Service Provider: TIAA is monitoring participant accounts for unusual activity and, to date, has not detected any as a result of this incident. For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center or contact TIAA directly at 800-842-2252 or via email at abuse@tiaa.org. TIAA will contact you directly if your data is at risk.

What you can do to help protect your personal information

We recommend that you take the following actions to protect your personal information.

• Closely monitor your financial accounts for suspicious activity. See the FTC’s “Warning signs of identity theft” website for tips on what to look out for.
• Check your credit report at annualcreditreport.com.
• Consider placing a credit freeze on your credit report, with each of the three credit reporting agencies.
• Current Centre College Faculty and Staff may take advantage of Centre’s Employee Assistance Program through Anthem.
• Please remain vigilant and promptly report any suspicious activity or suspected identity theft related to these events to ITS and the proper law enforcement authorities.

Sincerely,

Andrew Ryan
Chief Information Officer, Data Privacy Officer