Two third-party vendors have notified Tacoma Community College (TCC) of a cybersecurity incident that may have exposed personally identifiable information of some of the college’s students and employees.
The data breach took place with a software tool called MOVEit Transfer, which thousands of organizations across the world use to transfer files. Although TCC does not use MOVEit Transfer, the college has partnerships with organizations, including National Student Clearinghouse (NSC) and the Teachers Insurance Annuity Association (TIAA), that use the service. Both NSC and TIAA recently notified TCC about the potential exposure if personally identifiable information of some students and employees. At this time, the number of students and employees whose data may have been exposed is unknown.
No systems operated by TCC or the State Board for Community and Technical Colleges (SBCTC) have been breached. This incident is localized to our third-party venders, including MOVEit Transfer, NSC, and TIAA.
The vast majority of higher education institutions around the country transfer data through the NSC to facilitate tasks such as financial aid compliance, transcripts and verification. All of Washington’s 34 community and technical colleges use NSC in some capacity. However, not all of Washington’s community and technical colleges have been affected by the data breach. NSC has recently contacted all of the state’s affected colleges. This breach has also impacted many other institutions throughout the country.
“TCC takes the security of its student and employee data very seriously,” said Vice President for Administrative Services Patty McCray-Roberts. “We are working closely with the State Board for Community and Technical Colleges to track this situation, determine the extent of the breach, and research ways to protect ourselves from fraudulent activities. We are also working with the Washington State Attorney General’s Office to address legal implications.”
TCC expects NSC and TIAA to contact impacted individuals, as required by law. In the meantime, the college encourages students and employees to take action to protect their data:
- Monitor credit cards and bank accounts
- Place fraud alerts and credit freezes
- Do not open or click on links with any suspicious emails or texts
- Update passwords
TCC has launched a webpage with further tips and links to more information. The page will be updated as more information becomes known.