COLUMBIA — The University of Missouri System confirmed Wednesday morning that some employee and student personal information was compromised during a global cyber attack earlier this summer.
“Some of that information could be personal, like your name, your birth date, possibly your Social Security number,” UM System spokesperson Christian Basi said.
In late May, millions of people and hundreds of corporations were affected by the breach involving MOVEit, a file transfer software used to share large files between organizations.
The MOVEit software is used by some UM System departments as well as outside vendors, according to a news release sent Wednesday.
UM System officials started an independent investigation to determine what data and individuals might be impacted and have “initially determined that some personal data has been compromised.”
“This is a large-scale investigation and as such, many details, including the specific types of information and the number and identity of the individuals impacted, have not been confirmed at this time,” Ben Canlas, interim vice president for Information Technology, said.
Specifically, the UM System said Pension Benefit Information, LLC (PBI), a university subcontractor that assists the university with pensions, and National Student Clearinghouse, a service used for academic information reporting, were impacted.
Basi said this means that both current and former students and staff could be affected.
Success! An email has been sent to with a link to confirm list signup.
Error! There was an error processing your request.
“One of the outside companies that we work with also assists us with our pension processes,” Basi said. “So they have data that potentially impacts current and former employees because they assist with the processes related to our pension.”
The St. Louis Post Dispatch reported in June that a Russian hacking group claimed the UM System was among the victims of the global cyber attack.
Wednesday’s news release said the university was “notified recently” of the breach. Basi said the university wanted to wait to alert until it had confirmation that personal information had been impacted.
“We’ve gotten to that point in the investigation where we have identified, yes, we have had some files that were impacted,” Basi said. “So we know we’re likely to find some additional information, but we don’t want to wait any further.”
Any impacted individual will receive a more detailed letter from the university about the breach and what actions they can take. Basi did not have a timeline of when it will learn the specific number of individuals affected.
Basi said the university plans to continue to work with MOVEit and utilize the software but will continue to evaluate different campus software packages.
The UM System encouraged individuals to protect their information by the following actions:
- Check credit reports annually. Credit reports can be obtained for free by going to AnnualCreditReport.com.
- Consider placing a credit freeze on the credit report with each of the three credit-reporting agencies.
- Block electronic access to Social Security information by calling the Social Security Administration at 1-800-772-1213.
- Remain suspicious of any emails coming from unknown individuals or any emails with attachments or requests to click on links.
- Not sharing personal information on email, social media posts or in other electronic formats. That information might include passwords, Social Security numbers and financial account information.