Update to Previously Shared Global Data Breach
Last month, LMU’s Information Technology Services learned about a global data breach affecting thousands of organizations worldwide, in which ransomware attacks took advantage of a popular file transfer tool’s security flaw. MOVEit is a tool used by many organizations, including the affected companies listed below, to support the transfer of data files.
While impacts to LMU were initially unknown, the university has since been notified that data maintained by The Hartford, TIAA, Delta Dental, and National Student Clearinghouse (NSC) on LMU’s behalf was possibly affected. The full extent is still being investigated, but some staff, faculty, and student-identifiable information may have been exposed, including names, addresses, and other personal identifiers. LMU is working closely with The Hartford, TIAA, Delta Dental, and NSC to ensure that all LMU individuals affected are notified directly as soon as possible.
If you believe your information may have been among the compromised data, please refer to the information below.
For Staff and Faculty with accounts at The Hartford and TIAA:
- No information was obtained from The Hartford or TIAA’s systems, but rather from their third-party data vendor, PBI.
- Current analysis reveals that some individuals at LMU were affected by the breach. LMU is working closely with The Hartford and TIAA to understand the scope and ensure that all individuals affected are notified directly.
- Any individual impacted by the breach will receive a mailed letter from PBI in the coming weeks, offering two years of free credit monitoring and identity theft restoration services as well as further support resources.
For Staff and Faculty with Delta Dental accounts:
- While Delta Dental recently confirmed that it was impacted by the MOVEit breach, it is still analyzing whether LMU accounts were affected.
- LMU is working closely with Delta Dental to understand the scope and ensure that any individual impacted is notified directly as soon as possible.
- LMU will share more in the coming weeks, as soon as Delta’s analysis is completed.
For Current and Former LMU Students:
- NSC maintains enrollment and degree information for 3,600 universities nationwide.
- Current analysis reveals that LMU is believed to be among the many universities whose data was obtained by an unauthorized party. The NSC reports that it has no evidence that LMU’s data was specifically targeted.
- In the coming weeks, NSC’s analysis will determine the contents of any impacted information, including a list of affected students. LMU is working closely with NSC to ensure that all LMU individuals affected are directly notified as soon as the NSC analysis is complete.
The university has confirmed that its own systems were not affected by the global breach, but LMU ITS continues to closely monitor the situation and work diligently to determine if any other affiliated third-party vendors were impacted. ITS is taking numerous proactive precautionary measures to minimize any potential risk and is committed to providing further updates as new information becomes available.
At LMU, the security of personal data is a top priority. This news serves as a reminder to remain vigilant and take action to protect personal information online, including monitoring bank accounts, credit reports, and other online portals. Take immediate action if you notice anything unusual.
FAQs and resources related to the exposed security vulnerability can be found here. For further online safety tips, review LMU ITS’ cybersecurity page.
