Data Breaches
MOVEit transfer data breaches
The North Dakota University System (NDUS) and Minot State University are monitoring two data breaches traced back to MOVEit Transfer, a file transfer software used by third-party contractors to securely transfer files from one system to another.
NDUS and Minot State were recently notified by TIAA, a company that manages NDUS retirement funds, and National Student Clearinghouse (NSC), which manages degree verification and enrollment, that sensitive data may have been exposed during file transfers.
NDUS, in collaboration with TIAA, has determined that the personal information of some Minot State employees has been exposed. Employees impacted by the TIAA breach have already been notified by Pension Benefit Information, LLC (known as PBI), a company contracted by TIAA to handle notifications to customers. Therefore, your personal data was not part of the security incident if you have not received an email.
Further information on the breaches can be found on the respective websites.
- National Student Clearinghouse MOVEit security issue
- TIAA – PBI Research Services statement on MOVEit cyberattack
Frequently asked questions
The National Clearinghouse provides educational reporting, data exchange, and verification services to many colleges and universities nationwide. To allow NSC to provide these services, colleges and universities must provide NSC with students’ confidential information.
TIAA is a retirement benefits company NDUS uses on behalf of our employees.
On June 16, 2023, NDUS campuses were informed that students' personal identifying information may have been compromised in a global cyber incident. On June 28, 2023, NSC confirmed the breach. Minot State does not have any information at this time on how many or who the impacted individuals are from the breach.
On June 16, 2023, a general notification was sent by TIAA to NDUS regarding a potential breach. On June 29, 2023, TIAA confirmed the breach. On July 14, 2023, letters were sent by PBI to the impacted parties.
The information shared with us by the breached entities was limited due to ongoing forensic investigations. As a developing story, Minot State did not have enough information to share with the community or the impacted individuals.
- NSC: At this time, we do not know the extent of the data compromised.
- TIAA: Potentially, employee or retiree data, including personal identifying information and social security numbers, may be compromised.
NSC notified us that it is working with a third-party vendor to review affected files and expects that review to be completed within the next few weeks. After that, NSC will begin providing its campus contact with more information on individuals affected. We will work with NSC to ensure that affected individuals are promptly notified.
Neither TIAA nor NSC have notified MSU of evidence of any attempted use of the compromised data or any ransom demand.
Minot State highly recommends taking advantage of your right to obtain a free annual credit report from each major credit reporting company, namely Experian, Equifax, and TransUnion. In case of any concerns regarding identity theft, you may also wish to consider contacting the Federal Trade Commission through their website www/ftc.gov/ or https://consumer.ftc.gov/features/identity-theft.
Please note: Minot State Human Resources, the Registrar’s office, and IT Central do not have additional information to share beyond what is provided above. All three entities are working diligently with NDUS, TIAA, and NSC to obtain additional information and clarification on the potential scope and impact of the breach.
FAQs will be updated as we receive more information. Questions can be sent to helpdesk@MinotStateU.edu.
