NOTICE OF DATA SECURITY INCIDENT
On May 31, 2023, Progress Software announced a previously unknown vulnerability affecting its MOVEit® Transfer software application. The ϲʹ (“the University”) utilizes this application for managed file transfers. This vulnerability has affected thousands of MOVEit customers worldwide. The University confirmed that certain personal information transferred through MOVEit was among the information acquired by the unauthorized individuals who perpetrated this incident. The University mailed letters in September 2023 to individuals whose information was identified in the affected data set. We are providing additional notice now because a small percentage of those letters were returned as undeliverable.
WHAT HAPPENED: After Progress Software’s announcement on May 31st, the University immediately began investigating to determine if it was among the thousands of Progress Software customers affected. We engaged third-party cybersecurity experts to assist us in investigating and notified law enforcement. After a review of the documents on the MOVEit platform that was concluded on Sept. 7, 2023, we were able to identify the personal information that was contained in the affected data set.
WHAT INFORMATION WAS INVOLVED: The information involved may have included name, Social Security number and, in a small number of cases, health information.
WHAT WE ARE DOING: Following notice from MOVEit on May 31, 2023, we immediately took the MOVEit application offline and have applied the available patches to address the vulnerability.
WHAT YOU CAN DO: If you are concerned about this incident, please call the number below to determine if you were impacted.Individuals who are affected may consider freezing their credit to prevent loans, credit cards, and other services from being opened in their names without their permission. To initiate a credit freeze, contact each of the three national credit reporting agencies listed on the following page. Additional information on actions you can take is available at . We also recommend you review your credit reports and account statements over the next 12 to 24 months and notify your financial institution of any unauthorized transactions or incidents of suspected identity theft. If your information was affected, we are providing 12 months of credit monitoring and fraud assistance through Kroll, a leading identity theft protection company.
FOR MORE INFORMATION: If you are concerned that your information may have been involved, please contact 866-846-0667, Monday – Friday between 8 a.m. and 5:30 p.m. Central Time, excluding major U.S. holidays. We deeply regret the concern or inconvenience this incident may cause you and appreciate your patience and support.
Reviewed 2024-05-22