The National Student Clearinghouse (NSC), which processes student data on Wooster’s behalf, is one of the institutions affected by the MOVEIt Transfer software vulnerability.
Updates
IT Alert – National Student Clearinghouse Potential Security Vulnerability
Recent coverage in the national and technology media indicates many organizations in the US and globally have been affected by a significant security event involving the MOVEIt file transfer application.
The College of Wooster does not use the MOVEIt application. However, the National Student Clearinghouse (NSC) which processes student data on Wooster’s behalf, is one of the affected institutions. Yesterday afternoon the NSC informed us that some of our files were accessed in the incident.
NSC’s investigation continues, and they have advised that they will follow up with additional information regarding the impact to the College’s information.
Some of the data we share with NSC includes personally identifiable information such as social security numbers and dates of birth.
Information about NSC’s privacy practices is available on their privacy commitment page and questions may be submitted through their contact form.
We have developed an “FAQ” that includes more information about the NSC and data they process.
We continue to monitor this developing event, both through NSC communications and information security lists. We will provide relevant updates as we have them.
FAQ
The National Student Clearinghouse is a nonprofit and nongovernmental organization that provides educational reporting, data exchange, verification, and research services. You can find more information about the Clearinghouse on their website.
The College uses the services of the Clearinghouse for student enrollment reporting for compliance with the Department of Education’s National Student Loan Data System and for degree verification services.
Currently, the Clearinghouse has not provided details of the impact other than that they believe some of our data was accessed by an unauthorized party.
Colleges and universities provide a standard set of data items to the Clearinghouse. In addition to where the student is or has enrolled and directory information, the data incudes items that are protected under federal, state, and international privacy laws, such as birthdate, social security number, educational program progress, Pell grant status, veteran status, race/ethnicity.
On June 28, 2023, the Clearinghouse advised the College that it believes “an unauthorized party” obtained certain Clearinghouse files that included our data. We do not know definitively what data was accessed.
While we await further information, it is always good practice to monitor credit reporting services and to place a fraud alert on your credit account if you think your protected information may have been compromised. The Consumer Financial Protection Bureau has good resources about protecting yourself against identity theft. The Federal Trade Commission has information about the “warning signs” of identity theft (which are always good to know).
You can learn more about their policies and practices on their privacy commitment page.
The Clearinghouse has created an information page on its website.
See their contact page for more information.
We will advise current and/or former students of anything definitive we learn from the Clearinghouse. We will post updates to this FAQ as we learn more and as we get questions from students and families.
So that we can track questions, we ask that you use this form. We will try to respond as quickly as possible.