As recently reported in the news, a major data breach is impacting millions of people. The breach involved exploiting a vulnerability with the file transfer tool “MOVEit” which is widely used by third-party organizations that have a relationship with many corporations and institutions of higher education across the country, including North Iowa Area Community College (NIACC).

No systems operated or maintained by NIACC were breached. We are providing this information so everyone in our community can take steps to protect their personal information.

Two third-party organizations associated with NIACC, the National Student Clearinghouse (NSC), and the Teachers Insurance and Annuity Association (TIAA) have informed us that they were impacted by the cyberattack and that confidential information belonging to some NIACC students and employees may have been compromised. We have been assured by NSC and TIAA that their systems have been secured and they are working with global cyber security experts in an ongoing investigation to determine the impact of the cyber incident.

The extent of the data accessed during the breach is not yet known, but we have been advised that the impacted companies will directly contact those affected with information about next steps. The National Student Clearinghouse is providing information about their response at alert.studentclearinghouse.org.  TIAA’s partner, Pension Benefit Information, LLC, has posted information and resources at https://www.pbinfo.com/faq-consumer/.

NIACC recommends all students and employees take the following actions to help protect themselves:

• Be extra vigilant: It is possible that cybercriminals may leverage stolen personal information from this attack to craft convincing phishing attacks in the coming weeks and months. An email, notice, or text message containing accurate information about you or one of your accounts is not enough to verify authenticity. Verify the source of a message before responding.  Phone calls may also be used to obtain personal or financial information.
• Monitor your financial accounts and credit:  It is always wise to monitor your credit report for unusual activity. Consider putting a credit freeze in place to frustrate would-be scammers if you believe you are being targeted.
• Secure your accounts:  Remember to enable two-factor authentication for all your accounts. Never give someone your password or a two-factor code if asked for it, even if they claim to be from a trusted organization.