Dear students and colleagues, 

We have received information that the personal data of many of our students was accessed in a global cyberattack. As reported by the news media, various institutions were targeted in a May 31 ransomware attack, including well-known information technology and accounting firms. University of Illinois System computers were not compromised in this event.  

However, the University of Illinois System was notified this week by the National Student Clearinghouse (NSC) that personal data of students may have been obtained by an unauthorized party by exploiting a vulnerability in a software product that assists in transferring data files. Once that vulnerability was identified, NSC and other users quickly closed down the access by applying additional security measures at the software provider’s direction.

While there is no indication at this time that any compromised information has been used fraudulently, NSC is continuing to investigate and will send a notice directly to the individuals whose data was accessed. We will advocate for that notification to take place as soon as possible.  

Prior to receiving any notification, you can take steps to protect your identity. Please refer to the FAQs below.

The system will continue to monitor this matter and provide additional updates to those affected.

We understand that these types of situations may be stressful for the individuals involved. We will continue to monitor the developing events, to work with other institutions and to follow up with additional communications as soon as possible.

It is our intention to let you know as much as we know, without creating unnecessary concern. Thank you for all of your efforts to help keep our systems safe and secure.

Sincerely,

Nicholas P. Jones
Executive Vice President and Vice President of Academic Affairs
University of Illinois System

Joe Barnes
Chief Digital Risk Officer
University of Illinois System


FAQs: 

What is NSC and why do we transfer student data to them?

We are required to provide data to the National Student Clearinghouse, which was founded in 1993 by the higher education community to carry out the functions of student data reporting and exchange. A nonprofit and nongovernmental organization, NSC is the leading provider of educational reporting, data exchange, verification and research services.

What types of data were involved?

NSC reports that “(t)he unauthorized party obtained certain files within the Clearinghouse’s MOVEit environment, which may have included information from the student record database on current or former students. We have no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications.”

What can I do to protect my identity?

The University of Illinois System provides resources and strategies to help manage the risk of identity theft. We recommend that you use your right to a free annual credit report from each of the major credit reporting companies. To order your free annual report from one or all of the national consumer reporting companies, visit https://www.annualcreditreport.com, or call toll-free 877-322-8228. Alternatively, you may contact each consumer reporting agency directly as follows:

Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013 

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 

 You may also wish to consider contacting the Federal Trade Commission: 

Please be aware that you can obtain information from these consumer reporting agencies and/or the Federal Trade Commission about fraud alerts and security freezes.