Third-Party Data Breach Notifications

May 2023 – Northern Arizona University Information Technology Services

On May 31st, 2023, third-party software provider Progress Software announced a security vulnerability related to their MOVEit Transfer software, potentially affecting thousands of organizations worldwide.

MOVEit Transfer is a software tool used by many organizations, including the Clearinghouse, to support the transfer of files. According to Progress Software, an unauthorized third party discovered a vulnerability in the MOVEit Transfer software that could allow unauthorized access to files transferred through the tool.

Subsequently, national news media reported that many businesses and organizations worldwide are impacted by a cybersecurity incident related to a widely used filesharing application known as MOVEit Transfer.

While Northern Arizona University does not use the MOVEit software, NAU has received notifications from third-party service providers that personally identifiable information from some NAU students and employees may have been impacted.

Third-party service providers who have contacted NAU about this breach

Teachers Insurance and Annuity Association (TIAA) is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. TIAA has indicated that Pension Benefit Information (PBI), LLC, an outside vendor it shares information with, has been impacted.

For additional details about this incident, visit PBI’s website.

The National Student Clearinghouse is a trusted provider to approximately 4,000 higher education institutions across the United States and provides valuable services supporting financial aid and student success. NSC provides educational reporting and research services to many higher education institutions, including NAU.

The National Student Clearinghouse keeps updates on the incident on its website.

United Healthcare, a provider of health insurance plans at NAU notified the university that personally identifiable information, as well as claims information, for some of its community members may have been accessed during a MOVEit breach.

The Hartford is a provider of supplemental life insurance. The Hartford has indicated that Pension Benefit Information (PBI), LLC, an outside vendor it shares information with, has been impacted.

For additional details about this incident, visit PBI’s website.

Steps to safeguard your privacy

Always enable two-factor authentication for any online service. This has proven to hinder bad actors who are trying to access your data.
Use strong password practices, and leverage a password manager when possible.
Be vigilant for phishing and other scams. NAU will never send emails asking for your password or login information. Beware of emails that ask for your personal, login, or financial information. Send any suspicious emails to phishing@nau.edu.
If you believe you are the victim of identity theft, file a local police report and notify the Federal Trade Commission at www.identitytheft.gov.
For specific questions or concerns, please contact DataSecurity@nau.edu.

Moving Forward

NAU expects that the TIAA, National Student Clearinghouse, United Healthcare, and The Hartford will contact impacted individuals directly with additional details where required by law.

NAU will continue to update this webpage as new information becomes available from the service providers. For specific questions or concerns please contact DataSecurity@nau.edu.