The National Student Clearinghouse has notified higher education institutions, including WWCC, of a security vulnerability related to its MOVEit Transfer product, potentially affecting thousands of organizations worldwide. According to the notification, on or about May 31, 2023, an unauthorized party discovered the vulnerability in the MOVEit Transfer software, which could allow unauthorized access to files being transferred using the tool.
The National Student Clearinghouse has found no evidence to suggest that the unauthorized party specifically targeted the Clearinghouse or any specific college.
It is important to note that no system maintained or operated by WWCC, including ctcLink, was breached.
Are Walla Walla Community College’s data systems safe?
Yes. This incident took place within NSC’s system and not within WWCC’s systems. WWCC does not use the MOVEit software, and our internal student and alumni data systems have not been impacted by this cybersecurity incident.
Were WWCC students affected?
NSC has notified WWCC that the extent of the breach and its impact on WWCC students is limited in size and scope and does NOT include sensitive Personally Identifiable Information, such as Social Security numbers, Dates of Birth, or transcript information. The extent of the impact to WWCC students is that a limited number of students’ names and possibly mailing addresses were accessed.
What should I do?
- Your safety and security are our top priority. As with any potential data breach, we recommend taking the following steps to protect your information:
- Monitor credit cards and bank accounts for any suspicious activity. Keep a close eye on your credit reports for any suspicious activities. Obtain free copies of credit reports from services like Equifax, Experian, and TransUnion or check if your financial institution provides this service at no cost.
- Consider placing a fraud alert on your accounts.
- Be cautious with suspicious emails or messages, and avoid clicking on unknown links. Thoroughly scrutinize any notifications you receive that solicit or require personal information and data.
- Verify the legitimacy of all notifications, emails, texts, links that you may receive. If unsure, first conduct an online search for the sender and call their customer service to confirm.
- As always, exercise caution when receiving requests for personal data and promptly report any suspicious or phishing messages to your appropriate IT authorities.
- Update your passwords to be strong and unique.
Where can I find additional information?
The National Student Clearinghouse has posted more detailed information about the situation on its website.
The Federal Trade Commission offers further advice on what to do if you think your personal data has been compromised.