On July 7, 2023, the University of Utah posted notice of three vendor data breaches on its website. In this notice, U of U explains that the incident resulted in an unauthorized party being able to access sensitive information belonging to students, employees and a limited number of donors. While the incidents are still under investigation, the U of U reports that certain employees’ names, Social Security numbers, and dates of birth were affected. The U of U also notes that the three vendors will begin sending out data breach notification letters to all individuals whose information was affected by the recent data security incidents.

If you received a data breach notification from the National Student Clearinghouse (“NSC”), the Teachers Insurance and Annuity Association of America (“TIAA”) or TIAA Kaspick, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the University of Utah vendor data breaches. For more information, please see our recent piece on the topic here.

What Caused the Data Breaches Affecting University of Utah Faculty and Staff?

The University of Utah vendor data breaches were only recently announced, and more information is expected in the near future. However, the U of U’s website notice, entitled “The University of Utah Statement: MOVEit Vendor Data Breaches,” sheds some light on what happened.

According to this source, the University of Utah recently learned of three vendor data breaches, each of which impacts a different group.

On June 29, 2023, TIAA Kaspick alerted the U of U that approximately 30 donors were affected by a breach involving TIAA Kaspick’s use of the MOVEit file transfer software.

On July 7, TIAA informed the University of Utah that the names, Social Security numbers and dates of birth of 13,8000 current and former employees were compromised. Although the school’s notice doesn’t specifically indicate that this breach was related to MOVEit, that appears to be the case.

Finally, on an undisclosed date, the National Student Clearinghouse informed the University of Utah that student data provided to NSC may have been compromised.

On July 7, 2023, the University of Utah posted a notice of all three vendor breaches on its website. In this notice, the U of U explains that the companies experiencing the breach will directly inform those whose information was leaked. In other words, the University of Utah will not be providing individual data breach letters, and potential victims should keep an eye out for data breach letters from TIAA, TIAA Kaspick or NSC.

More Information About the University of Utah

Founded in 1850, the University of Utah is an educational institution based in Salt Lake City, Utah. The U of U organizes its 150 academic departments and programs into 17 different schools and colleges, including David Eccles School of Business, the College of Health, the College of Engineering, the School for Cultural and Social Transformation and S.J. Quinney College of Law. The University of Utah employs more than 13,300 people and generates approximately $5.7 billion in annual revenue.