Cybersecurity Advisory
Update August 16, 2023
Shoreline Community College continues to hold the safety and security of students, staff, and faculty as a top priority. As such we would like to provide an update to the data breach involving the National Student Clearinghouse (NSC) and the MOVEit Transfer tool. As of August 16, 2023 we were informed by the NSC that the only data that was compromised were student names, and nothing else. There was no compromise to any sort of Personal Identifiable Information (PII) for any student files associated with Shoreline Community College, nor was there any breach of information associated with any student names regarding programs of study.
We consider this situation to be resolved, given the outcome and data provided by the National Student Clearinghouse, and remain steadfast in our commitment to the safety of our students, staff, and faculty.
Original Message July 27, 2023
Shoreline Community College (SCC) has received notice from two of our third-party vendors, the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA), that a cybersecurity incident involving a third-party software tool (MOVEit) may have exposed personally identifiable information of current and prior students and employees.
The MOVEit Transfer tool is a widely used filesharing application used by many businesses, organizations, and higher education institutions worldwide. Many of these organizations could be impacted by this event. It is important to note that SCC does not use the MOVEit software, though these third-party service providers do.
Shoreline Community College shares student enrollment data with the NSC. Some of the data shared with the Clearinghouse includes personally identifiable information. At this time, we do not know the extent of the data security breach. However, we continue to keep in contact with NSC and TIAA to monitor the situation and will immediately notify the individuals who have been impacted to the best of our ability. The State Board for Community and Technical Colleges has advised us that ctcLink has not been affected, as this incident is localized to the third-party vendors. We also know that this is unrelated to the previous ransomware incident Shoreline Community College experienced at the end of March.
National Student Clearinghouse
The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. SCC works with the clearinghouse for a variety of purposes including enrollment and degree verification services and student loan reporting requirements. Data provided to the National Student Clearinghouse includes personally identifiable information and education records. The National Student Clearinghouse has posted details about this incident on its website.
TIAA
TIAA is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. SCC provides names, addresses, dates of birth, and social security numbers for those employees who choose to participate in TIAA services. Further inquiry can also be directed to: TIAA’s National Contact Center 800-842-2252. TIAA’s Security Center at https://www.tiaa.org/public/support/security-center
What Does This Mean for You?
The safety and security of our students, staff, and faculty is our top priority, and we remain committed to thoroughly assessing any potential impacts. This cyber breach did not impact Shoreline Community College’s network or internal systems.
If you have been affected by this breach, we will contact you in the coming weeks as soon as we obtain specific details from the NSC as to who was affected and what information was accessed.