On July 2, 2023, Webster University posted a notice on its website explaining that two of the school’s vendors, the National Student Clearinghouse (“NSC”) and Teachers Insurance and Annuity Association (“TIAA”), were impacted by the MOVEit Transfer vulnerability. In this notice, Webster University explains that while it does not use the MOVEit software, personal information belonging to students and employees may have been affected. Because the incident did not impact Webster University’s computer system, it is likely that NSC or TIAA will be sending data breach notifications to affected employees and students.

If you received a letter discussing a data breach affecting Webster University students or staff, it is essential you understand what is at risk and what you can do about it. While you may not have heard of the National Student Clearinghouse or the Teachers Insurance and Annuity Association, that’s to be expected because these are third-party vendors used by Webster University to perform certain services on the University’s behalf. However, this does not change the fact that your personal information may now be in the hands of criminals who intend to steal your identity. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Webster University data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Webster University Students and Faculty?

The data breach affecting Webster University faculty and students was only recently announced, and more information is expected in the near future. However, Webster University’s recent post entitled “University Statement Regarding the MOVEit Data Breach” provides some information. According to this source, both NSC and TIAA independently informed Webster University that personal information belonging to certain employees and students may have been leaked.

However, although TIAA reported the incident to Webster University, the incident wasn’t the result of TIAA using MOVEit. Evidently, TIAA contracts services from a vendor using MOVEit, which is how that incident occurred. The notice provided by Webster University does not provide any details about how the NSC breach occurred other than explaining that it involved MOVEit.

Webster University’s notice does not mention whether the University will send out data breach letters. However, based on the fact that neither incident involved Webster University’s computer system, it is likely that either TIAA or NSC will be sending data breach notification letters to affected parties.

More Information About Webster University

Founded in 1915, Webster University is a private university with multiple locations throughout the world and a main campus in Webster Groves, Missouri. Webster University offers its more than 10,000 students more than 160 program offerings through several colleges, including the College of Humanities & Social Sciences, the College of Health and Science, the Leigh Gerdine College of Fine Arts, the George Herbert Walker School of Business & Technology, the School of Communications, and the School of Education. Webster University employs more than 2,750 people and generates approximately $267 million in annual revenue.