Editor's note: The following message on cybersecurity was sent by the University of Delaware Office of Information Security to the UD community:

Dear University Community,

A recent cybersecurity breach involving thousands of organizations around the world may have affected some members of the University of Delaware community. As the incident directly impacted third-party service providers that work with the University, this letter email contains additional information that may be helpful as we continue to monitor the situation:  

What happened

The University received notification about the incident at the end of June from the National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association (TIAA); both organizations do business with UD. NSC and TIAA were impacted by a cybersecurity attack in late May that exploited a vulnerability in the file-transfer software MOVEit. 

UD does not use the MOVEit software. However, we have been notified by NSC and TIAA that personally identifiable information, which UD shares with these third-party service providers, may have been exposed due to the use of the MOVEit software by these providers and their partners. The extent of the incident and other details remain under investigation.

How it’s being addressed

MOVEit reported that it immediately addressed its cybersecurity vulnerability and now offers security fixes in supported versions of its software. Your privacy and security are important to UD, so we are working closely with NSC and TIAA to ensure that any affected members of our community are notified as soon as the investigation is complete. We understand that assistance with credit monitoring and identity theft protection will be provided by NSC and TIAA, as warranted.

Steps you can take

You do not need to take any specific action in response to this incident at this time. However, it is always advisable to remain vigilant in protecting your personal information and monitoring your online accounts for potentially fraudulent activity. 

• Be aware of phishing attempts and suspicious emails or communications. 

• Strengthen your passwords and enable multi-factor authentications. 

• More information about protecting yourself online is available from UD Information Technologies.

Thank you for your attention to this matter as we work with UD partners to enforce and sustain compliance while optimizing all information systems and protocols for the UD community.

Sincerely,

University of Delaware Office of Information Security