MOVEit Vulnerability and Possible Data Breach

In June 2023, the software company, Progress Software, announced a widespread software vulnerability and data breach of its technology, MOVEit. While LMU does not use MOVEit, some affiliated vendors utilize the software as a large file transferring tool and notified the university that some of its data stored with these third-party partners may have been compromised.

LMU Information Technology Services continues to closely monitor the situation, and is taking numerous proactive precautionary measures to minimize any potential risk and ensure data security. This page will be updated regularly as more information becomes available, so please check back regularly.

To learn more about the breach, you can read the joint FBI and CISA release here. For information about PBI, read this article on Global MOVEit Transfer Cyberattack.

Note: If you are aware of any vendor having been exposed to this particular vulnerability, please notify ITS immediately at servicedesk@lmu.edu. Some vendors send out notifications directly to their customers, and ITS might not be included on that notification.

  • MOVEit Transfer is a program from Progress Software that supports the secure managed transfer of files and data between servers, systems and applications both within an organization and between different organizations or individuals. It is used globally by thousands of companies and government agencies.

  • Employees

    Delta Dental is sending out notifications to affected individuals. Notifications will be to impacted individuals. Delta is offering access to 24 months of complimentary identity monitoring services through Kroll. If you have additional questions, you may call the toll-free assistance line at (866) 693-2571 Monday through Friday from 6:00 am to 3:30 pm Pacific time (excluding U.S. holidays).

    PBI/TIAA has sent out notifications to affected individuals. Notifications were sent through US mail to the home address of impacted individuals. PBI is offering access to 24 months of complimentary identity monitoring services through Kroll. If you have additional questions, you may call the toll-free assistance line at (866) 373-7560 Monday through Friday from 9:00 am to 6:30 pm Eastern time (excluding U.S. holidays). You may also write to PBI at 333 South Seventh Street, Suite 2400, Minneapolis, MN 55402.

    PBI/Hartford provided notices to impacted employees in August 2023. PBI will notify the impacted individuals directly and offer two years of credit monitoring, fraud consultation and Identity Theft Restoration services in the event a person’s identity has been stolen.

    Students

    Notifications from the National Student Clearing House are expected to be distributed in in late August 2023. NSC will notify individuals whose Personally Identifiable Information was compromised via mail and offer two years of credit monitoring.

  • MOVEit is not used by LMU and no LMU system was compromised. However, it serves as a compelling reminder of the importance of data security, and ITS has recently concluded an extensive analysis to reaffirm the security of our own systems.

  • LMU has received notification that the following third-party vendors were using MOVEit and affected by the breach:

    For Students:

    • National Student Clearinghouse (NSC) - read their alert here.

    For Faculty and Staff:

    • Teachers Insurance and Annuity Association of America (TIAA)
    • The Hartford
    • Delta Dental

    For additional information, please refer to the information shared in LMU This Week:

  • Please notify ITS ASAP.

    Forward the notification email to ITS Service Desk at servicedesk@lmu.edu immediately.