Third Party Vendor Data Breaches
Oklahoma State University was recently notified by a few separate vendors about cybersecurity incidents which may impact our students and employees. The National Student Clearinghouse (NSC), Teachers Insurance and Annuity Association (TIAA), and United Healthcare Student Resources (UHSR) all separately reported data breaches which occurred due to a vulnerability found in file transfer software used by all organizations. No OSU owned systems are believed to have been affected by this vulnerability.
The U.S. Department of Education requires OSU, along with approximately 3,600 other colleges and universities nationwide, to provide information to the NSC. TIAA, which manages some current and form OSU employee retirement accounts, was impacted by a breach at one of its third-party vendors (Pension Benefit Information), who provides auditing and beneficiary location services to TIAA.
NSC, TIAA and UHSR are conducting investigations to determine the extent of their respective breaches. At this time, neither NSC nor TIAA has provided OSU with more specific information about what records were impacted by these breaches, but these records could potentially include personally identifiable information. OSU takes the privacy of our students' and employees' information very seriously, so we are providing this notice directly to you. If you are affected by any of the above data breaches, notices will be provided by UHSR, NSC, and/or TIAA.
For more information on the NSC cybersecurity incident, visit alert.studentclearinghouse.org. Students who have questions may email NSC at inquiries@studentclearinghouse.org. For more information on the TIAA cybersecurity incident, employees and retirees may direct questions to their assigned TIAA representative or call the toll-free assistance line at 800-842-2252.