July 13, 2023

Update to Previously Shared Global Data Breach

Last month, LMU’s Information Technology Services learned about a global data breach affecting thousands of organizations worldwide, in which ransomware attacks took advantage of a popular file transfer tool’s security flaw. MOVEit is a tool used by many organizations, including the affected companies listed below, to support the transfer of data files.

While impacts to LMU were initially unknown, the university has since been notified that data maintained by National Student Clearinghouse (NSC) on LMU’s behalf for students enrolled in fall ’22, spring ’23, and summer ’23 was possibly impacted. The full extent is still being investigated, but some student-identifiable information may have been exposed, including names, addresses, and other personal identifiers.

For those whose information may have been among the compromised data, please refer to the information below.

For Current and Former LMU Students:

NSC maintains enrollment and degree information for 3,600 universities nationwide.
Current analysis reveals that LMU is believed to be among the many universities whose data was obtained by an unauthorized party. The NSC reports that it has no evidence that LMU’s data was specifically targeted.
In the coming weeks, NSC’s analysis will determine the contents of any impacted information, including a list of affected students. LMU is working closely with NSC to ensure that all LMU individuals affected are directly notified as soon as the NSC analysis is complete.

The university has confirmed that its own systems were not affected by the global breach, but LMU ITS continues to closely monitor the situation and work diligently to determine if any other affiliated third-party vendors were impacted. ITS is taking numerous proactive precautionary measures to minimize any potential risk and is committed to providing further updates as new information becomes available.

At LMU, the security of personal data is a top priority. This news serves as a reminder to remain vigilant and take action to protect personal information online, including monitoring bank accounts, credit reports, and other online portals. Take immediate action if you notice anything unusual.

FAQs and resources related to the exposed security vulnerability can be found here. For further online safety tips, review LMU ITS’ cybersecurity page.