Updated on September 8, 2023.
The following message was sent to Middlebury students, faculty, and staff on June 29, 2023 and has since been updated.
Dear Middlebury Students, Faculty, and Staff,
As reported in national news media, a significant number of organizations around the world have been affected by a cybersecurity event involving a software utility called MOVEit.
Middlebury College does not use the MOVEit software. However, we have been notified by the third-party service providers listed below that personally identifiable information, which Middlebury shares with the listed providers, may have been exposed due to the use of the MOVEit software by the providers and their partners.
Information Technology Services (ITS) is actively monitoring this situation. We are currently working with our service providers to determine the extent of the potential exposures and we will provide additional information and guidance to our Middlebury College community as soon as we understand.
The following third-party service providers have notified us that data pertaining to Middlebury College students, faculty, and staff may have been exposed as a result of exploitation of the MOVEit software:
National Student Clearinghouse (NSC)
NSC provides educational reporting, data exchange, verification, and research services to many higher education institutions. Middlebury shares student information with NSC.
Status: NSC initially confirmed that Middlebury College data was included in the exposure. NSC has since clarified that Social Security Number, Student Identification Number, and Date of Birth were not exposed, nor were student transcripts. The NSC-exposed data may have included name and contact information.
Information from the Service Provider: NSC has posted information about this incident to the NSC website, including answers to questions here. General information about NSC’s published data privacy and security practices can be found on the NSC website here. NSC will contact you directly if your data is at risk.
The Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that provides investment and insurance services for those working for organizations in the nonprofit industry in academic, research, medical, government, and cultural fields. Middlebury shares employee information with TIAA.
Status: TIAA has confirmed that Middlebury College data was included in the exposure.
Information from the Service Provider: TIAA is monitoring participant accounts for unusual activity and, to date, has not detected any as a result of this incident. This incident involves the MOVEit Transfer software used by one of TIAA’s third-party vendors. No information was obtained from TIAA’s systems and TIAA systems are not threatened. For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center or contact TIAA directly at 800-842-2252 or via email at firstname.lastname@example.org. TIAA will contact you directly if your data is at risk.
Updates will be posted here.
What you can do to help protect your personal information
We recommend that you take the following actions to protect your personal information.
- Closely monitor your financial accounts for suspicious activity. See the FTC’s “Warning signs of identity theft” website for tips on what to look out for.
- Check your credit report at annualcreditreport.com.
- Consider placing a credit freeze on your credit report, with each of the three credit reporting agencies.
- Middlebury College Students should consider enrolling in an Identity Theft Protection service like TrueIdentity (no cost from TransUnion).
- Middlebury College Faculty and Staff using Cigna medical can enroll in Cigna’s IdentityForce service at no cost.
Please remain vigilant and promptly report any suspicious activity or suspected identity theft related to these events to ITS and the proper law enforcement authorities.
Questions related to this notice should be directed to: email@example.com
Vice President for Information Technology Services