The following message was sent to Middlebury students, faculty, and staff on June 29, 2023.
Dear Middlebury Students, Faculty, and Staff,
As reported in national news media, a significant number of organizations around the world have been affected by a cybersecurity event involving a software utility called MOVEit.
Middlebury College does not use the MOVEit software. However, we have been notified by the third-party service providers listed below that personally identifiable information, which Middlebury shares with the listed providers, may have been exposed due to the use of the MOVEit software by the providers and their partners.
Information Technology Services (ITS) is actively monitoring this situation. We are currently working with our service providers to determine the extent of the potential exposures and we will provide additional information and guidance to our Middlebury College community as soon as we understand.
The following third-party service providers have notified us that data pertaining to Middlebury College students, faculty, and staff may have been exposed as a result of exploitation of the MOVEit software:
National Student Clearinghouse (NSC)
NSC provides educational reporting, data exchange, verification, and research services to many higher education institutions. Middlebury shares student information with NSC.
Status: NSC has confirmed that Middlebury College data was included in the exposure.
Information from the Service Provider: NSC has posted information about this incident to the NSC website, including answers to questions here. General information about NSC’s published data privacy and security practices can be found on the NSC website here. NSC will contact you directly if your data is at risk.
The Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that provides investment and insurance services for those working for organizations in the nonprofit industry in academic, research, medical, government, and cultural fields. Middlebury shares employee information with TIAA.
Status: TIAA has confirmed that Middlebury College data was included in the exposure.
Information from the Service Provider: TIAA is monitoring participant accounts for unusual activity and, to date, has not detected any as a result of this incident. For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center or contact TIAA directly at 800-842-2252 or via email at abuse@tiaa.org. TIAA will contact you directly if your data is at risk.
Updates will be posted here.
What you can do to help protect your personal information
We recommend that you take the following actions to protect your personal information.
Please remain vigilant and promptly report any suspicious activity or suspected identity theft related to these events to ITS and the proper law enforcement authorities.
Questions related to this notice should be directed to: infosec@middlebury.edu
Sincerely,
Chris Norris
Interim Assistant Vice President for Information Technology Services
Middlebury College
