On June 30, 2023, Trinity College posted a notice on its website describing two third-party data breaches that may impact confidential information belonging to Trinity College students, faculty and staff members. Evidently, two of Trinity College’s services providers, the Teachers Insurance and Annuity Association (“TIAA”) and the National Student Clearinghouse (“NSC”), used a file-transfer software that contained a vulnerability giving hackers access to information stored within the platform. Thus, while the breach did not impact Trinity’s computer system, both TIAA and NCS informed Trinity College that confidential information belonging to Trinity students and employees may have been subject to unauthorized access. Once TIAA and NSC complete their respective investigations, the companies will begin sending out data breach notification letters to all individuals whose information was affected by the recent data security incidents.

If you receive a data breach notification from TIAA or the National Student Clearinghouse, it is essential you understand what is at risk and what you can do about it. While Trinity College provided notice of the breach on its website, hackers didn’t obtain student and employee information from Trinity’s IT network. Instead, they targeted software created by a third party and used by two of Trinity College’s service providers. Regardless of how the incident occurred, the end result is the same: your sensitive data may be in the hands of criminals looking to steal your identity. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the data breaches affecting Trinity College. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Trinity College Students and Staff?

The Trinity College data breach was only recently announced, and more information is expected in the near future. However, the notice Trinity College posted on its website provides important information on what led up to the breach.

According to this source, Trinity College deals with two service providers, the Teachers Insurance and Annuity Association and the National Student Clearinghouse. To enable these companies to perform the contracted services, Trinity College gave both NSC and TIAA information. Trinity gave TIAA information related to employees and NSC information related to students.

Both TIAA and NSC use or used a file-transfer software called MOVEit, created by Progress Software, LLC.

In May 2023, Progress Software, LLC, announced a vulnerability affecting the MOVEit software that allowed unauthorized parties to access information that was transferred or stored on the platform. Because both TIAA and NSC used MOVEit to transfer data provided by Trinity College, each of these companies informed Trinity College that certain information belonging to students, staff members and faculty members may have been accessible to an unauthorized party.

On June 30, 2023, Trinity College posted a notice of the incidents on its website. However, because the breach did not impact Trinity College’s computer network, any data breach letters will likely come from the Teachers Insurance and Annuity Association or the National Student Clearinghouse.

More Information About Trinity College

Founded in 1823, Trinity College is a private liberal arts school located in Hartford, Connecticut. Trinity College offers students a choice between 41 majors and 28 interdisciplinary minors. Trinity College enrolls approximately 2,200 students each year, the vast majority of which are undergraduate students. Trinity College employs more than 927 people and generates approximately $214 million in annual revenue.