On July 14, Worcester State University notified the campus community that it had been informed by the National Student Clearinghouse (NSC) of a data breach that involved student information that the Clearinghouse maintains on behalf of the vast majority of US higher education institutions. We have recently received an important update from the NSC that Worcester State students’ social security numbers, student identification numbers, and transcripts were NOT exposed.
According to the NSC, some Worcester State students, and possibly graduates of the university, may have had some basic information exposed, including names and unspecified demographic information. At this time, the Office of Enrollment Management is still working with the NSC to understand the scope of the breach and whose information was affected.
The university takes seriously the importance of protecting student personal information. We advise all students and recent graduates to closely monitor personal information for possible suspicious activity; to use strong, regularly updated passwords; and to be vigilant about emails and phone calls from unfamiliar individuals attempting to obtain personal and financial information.
The investigation by the National Student Clearinghouse is ongoing, and, to the extent we receive any additional information that may affect you, we will notify you as soon as possible. Individuals with questions can contact the Office of the Registrar at registrar@worcester.edu or 508-929-8035.
Updated FAQs
What is the National Student Clearinghouse?
The National Student Clearinghouse (NSC) is a non-profit organization founded in 1993 to provide educational reporting, research, and data services for more than 3,600 colleges and universities.
What happened?
According to the NSC, software provider Progress Software recently announced a security vulnerability related to its MOVEit Transfer product, potentially affecting thousands of organizations worldwide. According to Progress Software, an unauthorized party discovered the vulnerability in the MOVEit Transfer software, which could allow unauthorized access to files being transferred using the tool.
Based on the NSC’s ongoing investigation, they have determined that an unauthorized party obtained certain files transferred through the Clearinghouse’s MOVEit environment, including files containing data that is maintained on behalf of some of its customers. The NSC has indicated there is no evidence to suggest that the unauthorized party specifically targeted the Clearinghouse or Worcester State University.
Are Worcester State University’s data systems safe?
Yes. While it is impossible to guarantee 100% cybersecurity, this incident took place within the NSC’s system and not within Worcester State’s systems. The university does not use MOVEit software. Worcester State University’s internal student and alumni data systems have not been impacted by this cybersecurity incident.
What information was contained in the files?
According to the NSC, some Worcester State students, and possibly graduates of the university, may have had some basic information exposed, including names and unspecified demographic information. The NSC has confirmed that students’ and graduates’ social security numbers, student identification numbers, and transcripts were NOT exposed.
Does this incident involve the records of any alumni?
The university’s internal alumni data systems were not affected by this incident. However, it is possible that some graduates of the university may have had some basic information exposed, including names and unspecified demographic information. The NSC has confirmed that students’ and graduates’ social security numbers, student identification numbers, and transcripts were NOT exposed.
Does this incident involve employee records held by the university?
The university’s internal employee data systems were not affected by this incident.
However, the underlying security issue with the MOVEIt Transfer tool has impacted many corporations, government agencies, and organizations worldwide. It is possible that an individual may receive notification of a security issue from a different organization.
How has Worcester State responded to this incident?
Worcester State University takes student data privacy very seriously. University leaders are in active communication with the National Student Clearinghouse to receive updates and coordinate information. Internally, the Executive Cabinet, legal counsel, and IT security staff are working together to respond to the incident.
In addition, the university has notified the following agencies of the data breach:
- Massachusetts Attorney General’s Office
- Massachusetts Comptroller’s Office
- Massachusetts Secretary of State Office
- Massachusetts Office of Consumer Affairs and Business Regulation (OCABR)
- Massachusetts Executive Office of Technology Services and Security (EOTSS)
- Massachusetts Department of Higher Education (DHE)
- U.S. Department of Education (USDOE)
How soon will I know if my data was compromised?
Worcester State University is continuing to work with NSC to ensure affected individuals are promptly notified. At this time, the NSC has confirmed that students’ and graduates’ social security numbers, student identification numbers, and transcripts were NOT exposed. The investigation by the National Student Clearinghouse is ongoing, and, to the extent we receive any additional information that may affect you, we will notify you as soon as possible.
What can I do to protect my personal data?
Here are some general guidelines to follow:
- Keep mobile devices and apps updated
- Don’t click random links or visit unknown websites
- Delete or report suspicious emails to avoid granting access to accounts
- Update and secure all home devices connected to the internet
- Use strong passwords and two-factor authentication and confirm privacy settings
- Practice safe social media use; be careful not to post personal/sensitive information
- Avoid free Wi-Fi networks to prevent compromising sensitive information
- Secure home Wi-Fi networks and digital devices by changing the factory password
- Optimize operating system, browser, and security software by installing recommended updates
Our News
Worcester State joins Culture of Respect Collective to address sexual violence
Worcester State is undertaking an ambitious multiyear effort to prevent sexual violence on campus. In January, the university joined a group of 13 colleges and universities across North America for . . .