Third Party Data Breach May Affect TCC Students and Employees

What happened? 

The MOVEit file transfer system, a third-party tool that the National Student Clearninghouse (NSC) uses to transfer data, has been impacted by a data security breach. The breach has potentially exposed data TCC student and employee data. According to news media, hundreds of organizations across the country have been affected by the breach.  

It is important to note that no system maintained or operated by TCC, including ctcLink, has been breached. 

Student Information 

The extent of the breach and its impact on TCC students is not clear at this time. However, we want our students to be aware that the NSC maintains Personally Identifiable Information (PII) including social security numbers and birth dates. NSC is currently conducting a comprehensive investigation to determine the scope of the breach and identify the affected individuals. Once NSC completes their investigation, National Student Clearinghouse will promptly notify any impacted students.

Because this breach encompasses multiple organizations and higher education institutions across the United States, the investigation is expected to be extensive and may take a significant time to complete. According to NSC, every effort is being made to expedite the process and provide you with the necessary information as soon as possible.

Employee Information 

The Teachers Insurance and Annuity Association (TIAA) stated that Pension Benefit Information, LLC, an outside vendor it shares information with, has been impacted by the data breach. PII for TCC employees is stored in the TIAA system. Employe information may have been exposed through the NSC system as well. 

What is TCC doing about this? 

TCC is proactively sending out notifications to employees and students whose data may have been affected by the breach. The college is also working with the State Board for Community and Technical Colleges and the Attorney General's Office to find out more about the breach. We will move as quickly as possible to protect student and employee data. 

What should I do? 

There are a number of steps you can take to protect yourself if your data has been stolen. Recommended actions inclue: 

Place a fraud alert and credit freeze: https://consumer.ftc.gov/articles/what-know-about-credit-freezes-fraud-alerts

Report identity theft to the Federal Trade Commission: https://www.identitytheft.gov/#/

Take steps recommended for those who have experienced identity theft: https://www.identitytheft.gov/#/Steps

Obtain a free credit report:

            Equifax: https://www.equifax.com/personal/credit-report-services/free-credit-reports/

            Experian: https://www.experian.com/help/annual-credit-report.html

            TransUnion: https://www.transunion.com/annual-credit-report

Block electronic access to your Social Security information. Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.

Monitor credit cards and bank accounts. Regularly monitor your financial accounts and report any suspicious activity to your financial institutions immediately. 

Be wary of suspicious texts, emails, and other communications. Refrain from clicking on links in texts and emails from unknown individuals. Scammers are becoming increasingly sophisticated in their tactics, and may convincingly impersonate an entity such as a bank or an educational institution. If you're not sure if a communication is authentic, contact the organization by phone or go to the organization's website to login, rather than clicking on an email link. If you believe your TCC student or employee email account has been hacked, please contact IT immediately. 

Update passwords. Passwords should be 12 characters or more in length, and be sure to use a unique password for each online system you use. When possible, enable Multi-Factor Authentication for additional security. 

Moving forward

TCC expects that the National Student Clearinghouse, United Healthcare, and Pension Benefit Information, LLC, a vendor for the Teachers Insurance and Annuity Association, will contact impacted individuals directly with additional details where required by law.

TCC will continue to update this webpage as new information becomes available from the service providers.

Does this incident involve employee records held by the college?
The college's internal employee data systems were not affected by this incident.

However, the underlying security issue with the MOVEIt Transfer tool has impacted many corporations, government agencies, and organizations worldwide. It is possible that an individual may receive notification of a security issue from a different organization.