NOTE: The College will continue to monitor this situation and update this page as needed.
Pennsylvania Highlands is actively monitoring and responding to data breaches related to MOVEit Transfer, a file transfer software used by many third-party vendors. Penn Highlands does not use the MOVEit software, though several third-party service providers do and have contacted Penn Highlands about the potential exposure of personally identifiable information. The College was alerted to the hack by third-party service providers: National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA).
The College has not been and will not be provided with the names of the individuals who may have been impacted or details on the extent of this breach.
No systems that are operated or maintained by Penn Highlands Community College were breached.
This incident is localized to third-party vendors only. The third-party vendors that have been impacted by the breach currently identified include:
- TIAA: a financial provider for educators and academics
- NSC: a national nonprofit that collects enrollment and other student data from thousands of colleges and universities
These third-party providers will be notifying any faculty, staff, or students impacted by this breach individually with steps to mitigate risk and protect data, along with additional monitoring services. This communication will come directly from the third-party provider and not from the College.
The MOVEit Transfer software data breach has affected many well-known companies and if data was stolen, it may or may not have come from a source other than NSC or TIAA/PBI.
While there was no breach of Penn Highlands Community College’s infrastructure, these third-party provider breaches are concerning. The College recommends individuals stay vigilant and take precautionary steps to protect sensitive data:
- Be aware of the possibility of phishing emails.
- Create effective passwords.
- Use multifactor authentication on devices and accounts whenever possible.
- Freeze your credit at each of the three major credit reporting agencies.
- Place a fraud alert on your accounts. (A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.)
- Closely monitor your credit reports. (You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.)
About these organizations
National Student Clearinghouse
The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. Penn Highlands works with the clearinghouse for a variety of purposes including enrollment and degree verification services and student loan reporting requirements. Data provided to the National Student Clearinghouse includes personally identifiable information and education records.
About Teachers Insurance and Annuity Association (TIAA)
TIAA is a financial organization that offers investment and insurance services to employees working in the academic, research, medical, governmental, and cultural fields. Penn Highlands provides names, addresses, dates of birth, and social security numbers for those employees who choose to participate in TIAA services. The data transferred from Penn Highlands to TIAA was not compromised. However, TIAA has indicated that Pension Benefit Information, LLC, an outside vendor it shares information with, has been impacted.