July 10, 2023
Dear Loyola Community,
As Loyola University Chicago recently reported, a vulnerability to the file transfer application MOVEit (MOVEit Software) has been impacting organizations and exposing personal data worldwide. Although Loyola does not use the MOVEit Software, some of the University’s third-party service providers do.
Since such initial report, the National Student Clearinghouse (NSC) and The Teachers Insurance and Annuity Association (TIAA), have notified Loyola that certain personally identifiable information that the University shares with NSC and TIAA may have been exposed due to the use of MOVEit’s Software in connection with these third parties providing services to Loyola. Based on notices that these parties have provided to Loyola, and on information posted online, NSC and TIAA are continuing to investigate the MOVEit data breach. Additional information concerning the services provided by NSC and TIAA to Loyola is summarized at the bottom of this notice.
Since Loyola’s initial receipt of notice of this incident, the University has been in contact with NSC and TIAA to confirm the next steps these parties will take to address this situation. The University takes the privacy and security of all members of our campus community seriously and Loyola will continue to actively monitor the situation.
Even in advance of any written notice from NSC or TIAA that your personal information may have been affected by this breach, Information Technology Services (ITS) recommends that you closely monitor your financial accounts for suspicious activity. You can also check your credit report for free and, if necessary, consider placing a credit freeze on your credit report with each of the three credit reporting agencies.
National Student Clearinghouse (NSC)
NSC provides educational reporting, data exchange, verification, and research services to many higher education institutions, including Loyola. In connection with such services, Loyola shares information on prospective and current Loyola students, including such students’ social security numbers, but not including any financial account information. NSC has posted information about this incident to the NSC website, including answers to questions here. General information about NSC’s published data privacy and security practices can be found on the NSC website here.
The Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that acts as a fund sponsor under Loyola’s 403(b) defined contribution plan. TIAA has advised Loyola that certain personal information of participants in such plan, including social security numbers, was exposed in the MOVEit data breach. TIAA’s third-party vendor, Pension Benefit Information, LLC (PBI), which uses the MOVEit Software in providing services to TIAA, was the actual party directly affected by the data breach. It is anticipated that PBI will send the data breach notice on behalf of TIAA to affected persons. TIAA is monitoring participant accounts for unusual activity and, to date, has not notified Loyola of any improper activity in accounts of Loyola participants as a result of the incident. For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center or contact TIAA directly at 800-842-2252 or via email at abuse@tiaa.org.
ITS will continue to update this page with any updates as needed.