National MOVEit Data Breach

A graphic of akeyboard with computer code over it.

Published August 21, 2023

As recently reported in the news, a major data breach is affecting millions of people. The breach involved exploiting a security vulnerability with the file transfer tool “MOVEit” used by third-party organizations that have a relationship with many corporations and institutions of higher education across the country, including the University at Buffalo.      

Print

On This Page

What this means for UB

No systems operated or maintained by UB were breached. We are providing this information so everyone in our community can take steps to protect their personal information.

UB takes data privacy and information security very seriously and this matter is of utmost and vital importance to the university. UB Information Technology is leading the UB team that is actively evaluating the extent of the impact on students and employees.

Information about impacted third-party organizations

The following third-party organizations associated with UB have informed the university that they were impacted by the cyberattack and that confidential information belonging to some UB community members may have been compromised. We have been assured that the third-party systems have now been secured and that those third-parties are in various stages of their investigation in determining the impact of the cyber incident. The impacted companies will directly contact those affected with information about next steps. 

Things you can do to protect yourself

  1. Be extra vigilant: It is possible that cybercriminals may leverage stolen personal information from this attack to craft convincing phishing attacks in the coming weeks and months. An email, notice, or text message containing accurate information about you or one of your accounts is not enough to verify authenticity. Verify the source of a message before responding. Take note of how to identify a phishing attack. Phone calls may also be used to obtain personal or financial information.
  2. Monitor your financial accounts and credit: It is always wise to monitor your credit report for unusual activity. Consider putting a credit freeze in place to frustrate would-be scammers if you believe you are being targeted. 
  3. Secure your accounts: Remember to enable two-factor authentication and to use long passphrases for all of your accounts. Never give someone your password or a two-factor code if asked for it, even if they claim to be from a trusted organization.