A cybersecurity event involving a software called MOVEit potentially left personally identifiable information of more than 16 million people exposed. Siena does not use the MOVEit software, but we were recently informed by two third-party service providers that members of our community may be counted among the 16 million. At this time, there is no indication of fraud related to this event.
Our ITS team is actively monitoring the situation, and members of our community who have been specifically identified in the data breach have been directly notified. This is what we’ve learned from the two third-party service providers.
Teachers Insurance and Annuity Association (TIAA)
Siena shares employee information with the Teachers Insurance and Annuity Association. We were informed by Pension Benefit Information (PBI), a TIAA third party contractor, that the data (first name, last name, address, date of birth, gender, and Social Security Number) of 287 current and former employees was included in the server at the time of the exposure. Notifications to those people have already gone out. TIAA is monitoring participant accounts for fraud and so far has not detected any unusual activity. For additional information on safeguarding your account and staying updated, please visit the TIAA Security Center.
National Student Clearinghouse (NSC)
NSC provides educational reporting, data exchange, verification, and research services to many higher education institutions. Siena shares student information with NSC and has learned that some Siena data was included in this cybersecurity event. NSC has posted information about this incident to the NSC website, including answers to questions HERE.
This is, of course, a developing situation and we will update the Siena community as we learn more. In the meantime, all community members are encouraged to remain vigilant against any incidents of identity theft or fraud by carefully reviewing financial account statements and monitoring free credit reports for suspicious activity.
Please direct any questions to email@example.com.