Skip to main content
University of North Dakota
University of North Dakota
    • Email
    • Employee Self-Service
    • Finance (PeopleSoft)
    • Campus Connection
    • Flex Spending
    • Hawk Central
    • Faculty Success
  • Calendar
  • Directory
  • Scope of this search:
Campus Services
  • Employee Resources
    • Job Openings
    • Benefits
    • Equal Opportunity
    • Staff Senate
    • TTaDA (Professional Development)
    • UCLC (Childcare)
    • University Council for Women+
    • University Senate
    • Work Well (Employee Wellness)
  • Financial Services
    • Shared Service Center
    • Grants & Contracts Accounting
    • Procurement & Payment Services
    • Resource Planning & Allocation
    • Treasury
    • Accounting Services-Controller
  • Operations
    • Facilities Management
    • Parking & Transportation
    • Policy Office
    • Records Management
    • Safety
  • Communication Services
    • Brand and Identity
    • Campus Postal Services
    • Duplicating
    • Marketing & Communications
    • Telecommunications
    • University Information Technology
    • Web Support
University of North Dakota
  • Employee Resources
    • Job Openings
    • Benefits
    • Equal Opportunity
    • Staff Senate
    • TTaDA (Professional Development)
    • UCLC (Childcare)
    • University Council for Women+
    • University Senate
    • Work Well (Employee Wellness)
  • Financial Services
    • Shared Service Center
    • Grants & Contracts Accounting
    • Procurement & Payment Services
    • Resource Planning & Allocation
    • Treasury
    • Accounting Services-Controller
  • Operations
    • Facilities Management
    • Parking & Transportation
    • Policy Office
    • Records Management
    • Safety
  • Communication Services
    • Brand and Identity
    • Campus Postal Services
    • Duplicating
    • Marketing & Communications
    • Telecommunications
    • University Information Technology
    • Web Support
Scope of this search:
Scope of this search:
  • Home
  • Campus Services & Resources
  • UIT
  • MOVEit Transfer Data Breaches
Skip Section Navigation
  • University Information Technology
  • Help Center
  • Chat With Us
  • UND Tech Guide Show/hide children
    • Student Technology Requirements
  • Initiatives
  • Cybersecurity Show/hide children
    • MOVEit Data Breaches
    • The Phish Tank
  • Popular Services Show/hide children
    • NDUS Account
    • Email
    • Microsoft 365
    • Wireless & Network Connection
    • Records Management
  • Office of CIO Show/hide children
    • Policies & Procedures
    • IT Governance
    • One IT Strategic Plan
    • About UIT

MOVEit Transfer Data Breaches

The University of North Dakota (UND) and the North Dakota University System (NDUS) are monitoring two data breaches traced back to MOVEit Transfer, a file transfer software used by third-party contractors to securely transfer files from one system to another.

The University was recently notified by TIAA, a company that manages NDUS retirement funds, and National Student Clearinghouse (NSC), which manages degree verification and enrollment, that sensitive data may have been exposed during file transfers.

UND and TIAA (via PBI) have already notified the individuals impacted by the TIAA breach. NSC is expected to notify impacted individuals within the next several weeks.

Further information on the breaches can be found on the respective websites.

  • National Student Clearinghouse MOVEit Security Issue
  • TIAA – PBI Research Services Statement on MOVEit Cyberattack

Frequently Asked Questions

What is the National Student Clearinghouse, and why do campuses provide student information to this organization?

The National Clearinghouse provides educational reporting, data exchange, and verification services to many colleges and universities nationwide. To allow NSC to provide these services, colleges and universities must provide NSC with students’ confidential information.

What does TIAA do for UND?

TIAA is a retirement benefits company NDUS uses on behalf of our employees.

When was UND first notified of the NSC data breach?

On June 16, 2023, NDUS campuses were informed that students' personal identifying information may have been compromised in a global cyber incident. On June 28, 2023, NSC confirmed the breach. UND does not have any information at this time on how many or who the impacted individuals are from the breach.

When was UND first notified of the TIAA data breach?

On June 16, 2023, a general notification was sent by TIAA to NDUS regarding a potential breach. On June 29, 2023, TIAA confirmed the breach. On July 14, 2023, letters were sent by PBI to the impacted parties. UND Human Resources also notified the impacted via email.

Why is UND only now reporting the data breach to students, employees, and retirees whose information might be compromised?

The information shared with us by the breached entities was limited due to ongoing forensic investigations. As a developing story, UND did not have enough information to share with the community or the impacted individuals.

What specific types of personal data have been or may have been compromised?

  • NSC: At this time, we do not know the extent of the data compromised.
  • TIAA: Potentially, employee or retiree data, including personal identifying information and social security numbers, may be compromised.

How soon will I know whether my data was compromised?

  • NSC: NSC notified us that it is working with a third-party vendor to review affected files and expects that review to be completed within the next few weeks. After that, NSC will begin providing its campus contact with more information on individuals affected. We will work with NSC to ensure that affected individuals are promptly notified.

Has there been any known attempt to use any compromised data or any demand for ransom or other action by the hackers?

TIAA or NSC has not notified us of evidence of any attempted use of the compromised data or any ransom demand.

What steps, if any, should such students, employees, and retirees take on their own? 

UND highly recommends taking advantage of your right to obtain a free annual credit report from each major credit reporting company, namely Experian, Equifax, and TransUnion. In case of any concerns regarding identity theft, you may also wish to consider contacting the Federal Trade Commission through their website at https://www.ftc.gov/ or https://consumer.ftc.gov/features/identity-theft. These proactive measures can help safeguard your personal information and financial well-being. 

 

Please note: UND Human Resources (HR), the Registrar’s Office, and University Information Technology (UIT) do not have additional information to share beyond what is provided above. All three entities are working diligently with NDUS, TIAA, and NSC to obtain additional information and clarification on the potential scope and impact of the breach.

FAQs will be updated as we receive more information.

If you have specific security questions, please email und.cybersecurity@und.edu.

 

University Information Technology
24/7 phone support
P 701.777.2222
und.techsupport@UND.edu

Service Location

  • Chester Fritz Library, Lower Level
    • No-Contact Self-Service Kiosk
    • Available during on-site hours
  • Walk-Up Support
    • Available during on-site hours

Summer On-Site Hours

  • Mon. - Fri.: 8 a.m. - 4:30 p.m.

Complete location hours

  • YouTube
  • Twitter

We use cookies on this site to enhance your user experience.

By clicking any link on this page you are giving your consent for us to set cookies, Privacy Information.

UND.info@UND.edu  |  701.777.3000
  • YouTube
  • Instagram
  • Facebook
  • Twitter
  • LinkedIn
  • Campus Map
  • Employment
  • Vector Solutions Training
  • UND Today
  • U Letter
  • Campus Safety (SafeUND)
University of North Dakota

© 2025 University of North Dakota - Grand Forks, ND - Member of ND University System

  • Accessibility & Website Feedback
  • Terms of Use & Privacy
  • Notice of Nondiscrimination
  • Student Disclosure Information
  • Title IX
©