Dear Members of the Campus Community,
We are writing to share information about the MOVEit Transfer software cyber incident that has impacted institutions across the nation.
Our campus has been notified by three of its vendors—the National Student Clearinghouse (NSC), TIAA, and Corebridge—that a data breach related to MOVEit Transfer software may have included the personal information of students, employees and retirees.
Each organization has assured us that their systems have been secured and they are working with the FBI and global cyber security experts in an ongoing investigation to determine the impact of the data breach.
In the coming weeks we expect potentially impacted individuals will be contacted by one or more of these organizations with information and next steps. In the meantime, we recommend that you consider the following ways to protect yourself from the data breach.
Things You Can Do to Protect Yourself
Be extra vigilant: It is possible that cybercriminals may leverage stolen personal information from this attack to craft convincing phishing attacks in the coming weeks and months. An email, notice, or text message containing accurate information about you or one of your accounts is not enough to verify authenticity. Verify the source of a message before responding. Phone calls may also be used to obtain personal or financial information. You can also see examples of fraudulent/phishing emails that have been reported to the college at our “Phish Bowl” site.
Monitor your financial accounts and credit: Use your right to a free annual credit report from each of the major credit reporting companies Experian, Equifax or TransUnion. It is always wise to monitor your credit report for unusual activity. Consider putting a credit freeze in place to frustrate would-be scammers if you believe you are being targeted.
Secure your accounts: Remember to enable multi-factor authentication (MFA) on personal accounts (since your New Paltz account is already protected) and to use long passphrases for all your accounts. Never give someone your password or a two-factor code if asked for it, even if they claim to be from a trusted organization.
Again, if you were potentially impacted by the MOVEit incident, you will be contacted directly by NSC, TIAA, and/or Corebridge. We will share updates with the campus community once we have further information.
Please visit the Federal Trade Commission online for more information on how to report identity theft.
Click here to find answers to FAQs related to the incident.
