National Data Security Incident

Given that third-party providers are working on this issue, we have no additional information beyond the notice posted below. We encourage you to continue to monitor this site for updates.

 

 

Dear Trinity Community Member,

We alerted the Trinity Community on July 21, 2023, regarding a data breach that was reported with the third-party file transfer application MOVEit Transfer, impacting organizations and exposing personal data worldwide. As we noted then, Trinity University does not use the MOVEit Transfer application, and our servers were not breached, but several of our third-party service providers notified us that they, or their vendors, use it and that the breach impacted some members of the Trinity community, both students and employees. We have received updates from two of the three vendors since our initial notice in July, and those are detailed below. We will post additional information here as it becomes available.

TIAA/ Pension Benefit Information, LLC

As we noted in our earlier communication, TIAA notified Trinity that this incident affected its vendor, Pension Benefit Information, LLC (PBI), and personally identifiable information about some Trinity employees had been exposed as a result. PBI supports TIAA, which is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. Trinity University provides names, addresses, dates of birth, and Social Security numbers for those employees who choose to participate in TIAA services.

PBI has now begun sending the impacted individuals notifications of the breach. These notifications include an offer of free credit monitoring, fraud consultation, and identity theft restoration for two years. If you receive a notification letter from PBI, we encourage you to consider accepting the free offer for these services. The letter will also contain other tips about actions you can take to protect yourself against misuse of your personal information.

National Student Clearinghouse

National Student Clearinghouse (NSC) is a non-profit clearinghouse used by the vast majority of high schools, colleges, and universities as a clearinghouse for academic data. NSC has recently notified us that none of the breached data that relates to Trinity community members included Social Security numbers, Student ID numbers, or dates of birth. They indicated that the types of personal data that were impacted in our case may include names, contact information, and educational information such as enrollment, degree, and course-level data (for example, from transcripts and Postsecondary Data Partnership reports). The specific type(s) of data varied from individual to individual, but we are reassured that no personal information in the nature of Social Security numbers, Student ID numbers, or dates of birth was involved in our case. As such, NSC does not intend to send any additional correspondence to those Trinity Community members. The registrar does have a list of the names of the impacted Trinity Community members. You can contact the registrar’s office to learn whether your personal information was involved, but the nature of the data was such that legal notices are not required.

Delta Dental

Delta Dental of California (Delta Dental) has also notified Trinity that they were impacted by the Moveit Transfer data breach. As of the posting of this notice, Trinity has not yet received additional information about whether or not any Trinity employees’ data was involved. As we noted in our earlier [statement,] Delta Dental has informed law enforcement about the incident and has indicated that once they determine the individuals involved, that they intend to notify them and help them protect their information.

We provided the information below last month, but it is worth repeating. If you are concerned about possible misuse of your personal data, there are a number of steps you can take now to protect your identity from fraud or theft.

What You Can Do Now

Review the Federal Trade Commission’s recommendations on what to do if your personal information has been compromised. These include:

• Closely monitor your credit reports.
  You can obtain a free copy of your credit report from each of the three major reporting agencies; Equifax, Experian, and TransUnion.
• Place a fraud alert on your accounts.
  A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
• If you wish, you can freeze your credit at each of the three major credit reporting agencies
• If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov.
• Block electronic access to your Social Security Information.
  Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or through the administration’s automated telephone service.

Trinity University takes the privacy of your personal information very seriously and will continue to update the community as new information becomes available from our service providers.

 

 

Recently, a breach was reported with the third-party file transfer application MOVEit Transfer, impacting organizations and exposing personal data worldwide. While Trinity University does not use the MOVEit Transfer application, some of our third-party service providers do. The breach did not occur on any of Trinity’s systems, but it has impacted several of our vendors.

TIAA notified Trinity that this incident affected its vendor, Pension Benefit Information, LLC (PBI), and personally identifiable information about some Trinity employees had been exposed as a result. PBI supports TIAA, which is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. Trinity University provides names, addresses, dates of birth, and Social Security numbers for those employees who choose to participate in TIAA services.

Trinity was informed that PBI will begin sending impacted Trinity employees a formal notification letter with additional information about the incident and steps such employees can take to protect themselves, including an offer of free credit monitoring for two years. It is our understanding that these letters will be sent to affected Trinity employees next week. 

National Student Clearinghouse

National Student Clearinghouse (NSC) is a non-profit clearinghouse used by the vast majority of high schools, colleges and universities as a clearinghouse for academic data. NSC is still in the process of evaluating the impact of the data breach on the data it holds. While it has not yet provided Trinity with specific information about which individuals’ personal information was involved or the nature of that data, they have confirmed that some Trinity University student or prospective student data was involved. We have asked NSC to confirm that they intend to send breach notifications to all impacted individuals and to notify as to any additional benefits they intend to provide. 

Delta Dental

Delta Dental of California (Delta Dental) has also notified Trinity that they were impacted by the Moveit Transfer data breach. As of the posting of this notice, they have not been able to confirm conclusively whether or not any Trinity employees’ data was involved. We anticipate receiving additional information soon and will provide it once available. Delta Dental has informed law enforcement about the incident and has indicated that once they determine the individuals involved, that they intend to notify them and help them protect their information. 

What You Can Do Now

In the meantime, we recommend that you review the Federal Trade Commission’s recommendations on what to do if your personal information has been compromised. These include:

Closely monitor your credit reports.

• You can obtain a free copy of your credit report from each of the three major reporting agencies; Equifax, Experian, and TransUnion.

Place a fraud alert on your accounts.

• A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.

If you wish, you can freeze your credit at each of the three major credit reporting agencies.

• If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov.

Block electronic access to your Social Security Information.

• Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or through the administration’s automated telephone service.

Trinity University takes the privacy of your personal information very seriously and will continue to update the community as new information becomes available from our service providers. You will find all updates on Trinity University’s News Center.