(The Center Square) – The University of Missouri is informing current and former employees and students to be aware their personal information might have been accessed in a global data breach.
The university posted a media release on Wednesday stating it was notified of the breach involving MOVEit, a software program used to move large data files between organizations. Last week, the Missouri Department of Health and Human Services notified state Medicaid recipients and other program participants that personal information could have been accessed through MOVEit by an unauthorized third party.
The university notified federal law enforcement of the possible breach and began its own investigation. The system’s outside vendors that used the software also are investigating to determine what data and individuals might be impacted.
“This is a large-scale investigation and as such, many details, including the specific types of information and the number and identity of the individuals impacted, have not been confirmed at this time,” Ben Canlas, the university’s interim vice president for information technology, said in a statement. “The comprehensive process to identify this specific information is proceeding as quickly as possible.”
The Pension Benefit Information, LLC, and the National Student Clearinghouse are vendors mentioned in the university’s media release. The pension business is a subcontractor with several university vendors and the clearinghouse is used to verify academic information and educational data reporting.
“The files from these vendors might have included information from the student record database on current or former students of the University of Missouri,” the release stated.
“The breach impacted some outside vendors that we use to assist in our operations, including our enrollment and pension processes,” Canlas said. “While we continue to work on obtaining specific information, we want to alert our employees, students and retirees that they might be impacted by this breach.”
The university said Pension Benefit Information is providing some resources to assist those possibly impacted. The university is awaiting a review of the affected files from National Student Clearinghouse.
Several class-action lawsuits were filed on Tuesday in U.S. District Court in Massachusetts against Progress Software, owner of MOVEit, and companies that used the software. The lawsuit contends more than 600 organizations throughout the world used the software to manage personal information – names, dates of birth, Social Security numbers, pension information, medical records, billing data and banking information – of more than 40 million people.
The Russian cybergang “Clop” allegedly discovered a vulnerability in MOVEit. The lawsuit contends MOVEit was “negligently and/or recklessly configured and maintained so as to contain security vulnerabilities that resulted in multiple breaches of its network and systems or of its customers’ networks and systems… These security vulnerabilities existed as far back as 2021.”
The university said individuals can take steps to reduce their chances of being a victim in this event or a similar crime by frequently checking their credit report and taking other actions.