MOVEit software data security incident

A message from Mur Muchane, Vice President for Information Technology & CIO

In the coming days or weeks, you may receive notification letters regarding a recent global cybersecurity incident involving the MOVEit Transfer Software that has affected two of Wake Forest’s third-party benefits administrators as well as other third-party vendors who provide services to the University. Last week, Human Resources shared information in its July 6 newsletter with faculty and staff about these two organizations.

Both TIAA, the University’s retirement plan administrator, and Genworth, Long Term Care Insurance Provider, have notified the University that Pension Benefit Information, LLC (“PBI”), a vendor with which both administrators have a contract uses the MOVEit software. The University has received additional notices from other third-party vendors, including the National Student Clearinghouse, indicating that students may also have been impacted.

If your data is impacted, you will receive notifications directly from vendors. These notification letters will provide information about the type of personal information impacted by the breach, how to enroll in credit monitoring services paid for by the vendor, and how to place a credit freeze on your accounts. If you receive a notification letter, we encourage you to read it carefully and to use the information provided to contact the call center established by the vendor to answer questions you may have. It is possible you will receive a notification from more than one vendor.

While this recent incident does not involve the Wake Forest University network or any University systems, we wanted to make you aware of how it may impact members of our community. Wake Forest places a strong emphasis on data security, and we would like to take this opportunity to emphasize the significance of remaining vigilant in monitoring financial accounts and credit histories. Safeguarding personal information is of the utmost importance, and we encourage everyone to stay proactive in ensuring the security and privacy of their financial data.

Recommended steps include:

Monitor credit cards and bank accounts: Regularly review your accounts and if you notice any suspicious activity, immediately report it to your financial institution.

• Place fraud alerts and credit freezes with major credit bureaus: This action can protect you from identity theft or prevent further misuse of your personal information if it was stolen.
• Be cautious of suspicious emails or communications: Do not open or click on links in email from unknown individuals.
• Update passwords: In general, longer passwords are better. Use unique passwords for every website so that a breach at one won’t put your other accounts at risk.

The University will remain in communication with TIAA, Genworth and other vendors and will update employees and students as more information becomes available.