Update on MOVEit Data Breach

August 3, 2023 / General NOVA News

The Virginia Community College System (VCCS) is monitoring a nationwide cyberattack involving a third-party application called MOVEit Transfer. This cyberattack has affected thousands of businesses, government agencies, educational institutions and other organizations. I write today to update you about the potential impact of this data breach on VCCS students and employees.

VCCS is not a customer of MOVEit and was not directly affected by this incident. 

However, the cyberattack on MOVEit may have resulted in unauthorized access to VCCS students’ and employees’ personal information collected by third party vendors that do business with the community college system. These vendors include the National Student Clearinghouse, the Teachers Insurance and Annuity Association (TIAA), and Corebridge Financial (formerly Valic).

If your personal information was compromised, you will be contacted directly by one of the vendors listed above.

The system has posted information about the incident and the actions it is taking on the VCCS Alerts and Advisories webpage. This page also includes steps you can take to protect your data:

  • Be extra vigilant.
    Take extra steps to verify the source of any message—whether text, email, or phone call—before opening or responding. Do not provide personal and financial information if you cannot confirm the authenticity of the request or the requestor. Cybercriminals may leverage stolen personal information in a phishing attack, making the attack seem like an authentic message. Given the scope of the MOVEit attack, be extra vigilant in verifying authenticity over the next few months.
  • Monitor your financial accounts and credit.
    Monitor your credit cards and credit report for unusual activity. Consider putting a credit freeze in place or a hold on your accounts if you believe you are being targeted.
  • Secure your online accounts.
    Enable two-factor authentication, use long pass-phrases for all of your accounts, and do not re-use passwords. Never give someone your password or two-factor authentication code, even if they claim to be from a trusted organization. No authentic source will ever ask you to share your password.

You can learn more about how to protect yourself against identity theft on the Federal Trade Commission Identity Theft website.

If additional information from VCCS becomes available, I will share it with you via email. And, again, you can stay updated on the system’s response to the MOVEit data breach through the VCCS Alerts and Advisories webpage.

Republished from “Update on MOVEit Data Breach” from President Kress, July 31, 2023