From the Interim President
Posted: Monday, July 24, 2023National MOVEit Data Breach and How It Affects the Buffalo State Community
The MOVEit Transfer software cyber incident has affected institutions across the nation, including three organizations that Buffalo State University works with: the National Student Clearinghouse (NSC), TIAA CREF, and Corebridge. Each organization has contacted SUNY to alert it of the possibility that the personal information of students, employees, and retirees may have been affected.
No Buffalo State systems were breached during this incident. We are communicating this information about the MOVEit Transfer software cyber incident so everyone in the Buffalo State community is aware of it and can take necessary precautions.
SUNY has been assured by NSC, TIAA CREF, and Corebridge that their systems have been secured and that they are working with the FBI and global cyber security experts in an ongoing investigation to determine the impact of the cyber incident.
In the coming weeks, SUNY expects that potentially affected individuals will be contacted by one or more of these organizations. In the meantime, we recommend that you use your right to a free annual credit report from each of the three major credit reporting companies: Equifax, Experian, and TransUnion.
You may also wish to consider contacting the Federal Trade Commission at ftc.gov or consumer.ftc.gov/features/identity-theft. In addition, here are links from two of the organizations where you can find additional information:
National Student Clearinghouse MOVEit Security Issue
If you were potentially affected by the MOVEit incident, you will be contacted by one or more of the compromised organizations. We will also update you directly once we have further information.
Data privacy and security are serious matters at Buffalo State University. Here are some tactics to protect yourself, given the information available at this time:
- Ensure that your accounts are secure and use multi-factor authentication whenever possible. It is also recommended that you use long passphrases for all your accounts. Never give someone your password, passphrase, or authentication code, even if they claim to be from a trusted organization.
- Be extra cautious and vigilant against phishing attacks in the coming weeks and months. Phishing scams can contain personal information that is sent via text message, email, or other mode of communication. Verify the source of the message before responding. Cybercriminals may leverage stolen personal information and send convincing emails, notices, or text messages containing accurate information about you or one of your accounts. The Buffalo State IT Help Desk recommends that if you have any doubt about the authenticity of an email, you should delete it.
- Monitor your financial accounts and credit. It is always wise to monitor your credit report for unusual activity. If you believe you are being targeted, consider putting in place a credit freeze.
For further information, visit Frequently Asked Questions about the National MOVEit Data Breach.