Webpage updated as of 4:30 p.m. on July 12, 2023
MOVEit Software Cyberattack Notification
CSU System community members,
I am writing to inform you of a cyberattack against third-party organizations that have a relationship with many corporations and institutions of higher education across the country, including the Colorado State University System, which potentially has resulted in unauthorized access of personal information of some members of our community.
No systems operated or maintained by the CSU System or the CSU campuses were breached. We are providing this information so everyone in our community can take steps to protect their personal information.
TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife, and The Hartford notified CSU that they were impacted by the global attack against the MOVEit Transfer software. MOVEit allows exchange of data files with clients across the world. We’ve been informed that the data breach may involve data for some current employees and students, as well as former employees and students dating back to at least 2021.
We will continue working with these vendors to gauge the full impact of the cyberattack. As of July 12, more than 280 organizations, including many universities, have been impacted by the MOVEit security event.
Our team is following this situation closely and will post updated information as we have it to this webpage to help you mitigate your personal risk and keep you informed with the latest information we’re working to gather from the affected vendors. Regardless of whether you are impacted by this cyber event, you can take steps to protect your personal data.
While this cyberattack involves third-party vendors and university systems were not compromised, it is a reminder of the importance of cybersecurity at CSU System institutions. If you have questions about keeping data safe, please contact your university or System information technology expert.
Our Division of IT and the entire university system will continue prioritizing the security of your personal data and keep you updated via the website on future developments.
Thank you,
Brandon Bernier
Chief Information Officer, CSU System
Frequently Asked Questions
The National Student Clearinghouse, the Teachers Insurance & Annuity Association (called TIAA), Corebridge Financial, Genworth Financial, The Hartford and Sunlife recently notified the Colorado State University System that they have been impacted by a cybersecurity breach related to a tool they use to transfer sensitive information. The tool, called the MOVEit Transfer tool, is used by many organizations.
No CSU information technology systems were compromised, but prospective, current and former student and current and former employee data used by the effected vendors may have been breached, along with data from many other universities across the United States.
An investigation to determine the full impact of the breach is ongoing. The CSU Division of Information Technology is closely following the situation and will receive updates from the effected vendors about the status of their investigation.
The affected vendors use a tool called MOVEit to transfer information. This tool was developed by Progressive Software. Progressive Software recently disclosed a vulnerability within the MOVEit Transfer tool. A group of cybercriminals, CLOP, exploited the vulnerability to illegally gain access data belonging to various organizations. This cyber incident has affected hundreds of businesses, organizations, government agencies, and educational institutions throughout the world.
The extent of the breach and its impact on CSU data is currently unclear.
Some data about prospective, current and former CSU students and current and former employees maintained by the affected vendors contains personally identifiable information, which may include first name, middle initial, last name, date of birth, student or employee identification numbers, social security number, and demographic information such as gender, ethnicity, and level and area of education.
At this time, the affected vendors have fixed the vulnerability. They are working with federal agencies and other third-party forensic investigators to determine which records and individuals have been affected. If it is determined that your personal information was impacted, you will receive an individual written notification letter providing you with additional resources and information.
We remain committed to continuously monitoring and assessing the situation to address the potential ramifications of this incident.
The investigation is expected to be extensive and may require a significant amount of time before it is completed. We will update this website regularly as more information becomes available.
Until we know more, we strongly urge all past and current community members to remain vigilant for indications of potential identity theft over the next 12 to 24 months.
If you are suspect your identity has been compromised, immediately report suspected identity theft incidents to the University and, if appropriate, law enforcement authorities.
As a precautionary measure, you should also consider taking these immediate steps to protect their personal information:
- Monitor your accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Fraud alerts and credit freezes: Consider placing a fraud alert or credit freeze with the major credit bureaus. This will add an extra layer of security making it harder for anyone to open new accounts using your information.
To place a fraud alert or credit freeze, contact the three major credit reporting bureaus:
TransUnion: 1-800-680-7289, http://www.transunion.com
Experian: 1-888-397-3742, http://www.experian.com
Equifax: 1-888-298-0045, http://www.equifax.com
- Strong passwords and account security: Update your online accounts with unique and strong passwords. Enable multi-factor authentication wherever possible.
- Be wary of suspicious emails or communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide personal information unless you are certain of the source’s authenticity.
More information on how to protect yourself from identity theft is available from the Federal Trade Commission’s Identity Theft Guide at www.identitytheft.gov.