University of Missouri System provides update on MOVEit data breach involving outside university vendors

COLUMBIA, Mo. — The University of Missouri System was notified recently of a potential data breach involving MOVEit, a file transfer software used to share large files between organizations. The MOVEit breach was reported by national media outlets and involves thousands of organizations worldwide. Since the initial announcement, in addition to notifying federal law enforcement, university officials immediately initiated an investigation separate from the outside vendors to determine what data and individuals might have been impacted. 

“The breach impacted some outside vendors that we use to assist in our operations, including our enrollment and pension processes,” said Ben Canlas, interim vice president for Information Technology. “While we continue to work on obtaining specific information, we want to alert our employees, students and retirees that they might be impacted by this breach.” 

While the investigation continues, university officials have initially determined that some personal data has been compromised.  

“This is a large-scale investigation and as such, many details, including the specific types of information and the number and identity of the individuals impacted, have not been confirmed at this time,” Canlas said. “The comprehensive process to identify this specific information is proceeding as quickly as possible.” 

Because the data breach also affected outside vendors used by the university, current and former university employees and students might receive information about the breach from one of these vendors independent from the university. 

Specifically, Pension Benefit Information, LLC (PBI), a subcontractor with several university vendors, and the National Student Clearinghouse, which is used to verify academic information and educational data reporting, were impacted by this breach. The files from these vendors might have included information from the student record database on current or former students of the University of Missouri.  

Additionally, PBI has begun notifying those individuals impacted and is providing some resources. More information about how the breach impacted PBI can be found on their website. The National Student Clearinghouse is conducting a review of the affected files, and university officials will receive additional information regarding the impact when that review is completed. Additional details are on the NSC’s website. 

Regardless of whether someone is impacted by this event, individuals can take steps to reduce their chances of being a victim of a similar crime. Those actions include: 

• Check credit reports annually. Credit reports can be obtained for free by going to AnnualCreditReport.com. 
• Consider placing a credit freeze on the credit report with each of the three credit-reporting agencies. 
• Block electronic access to Social Security information by calling the Social Security Administration at 1-800-772-1213. 
• Remain suspicious of any emails coming from unknown individuals or any emails with attachments or requests to click on links. 
• Not sharing personal information on email, social media posts or in other electronic formats. That information might include passwords, Social Security numbers and financial account information. 

It is important to remember that even if every precaution is taken, individuals can still be the victim of a crime. Anyone who thinks they might be a victim of a crime, such as fraud or ID theft, is encouraged to file a police report.