Update on student data affected by cybersecurity attack on National Student Clearinghouse
September 28, 2023 10:51 AM

Dear students, faculty and staff: 

On July 3, we informed you that the National Student Clearinghouse (NSC) was among many organizations targeted by a global ransomware attack. The attack exploited a vulnerability in a software product widely used to transfer data files. NSC is a nonprofit and nongovernmental organization founded by and extensively used by the higher education community to carry out the functions of student enrollment and degree verification reporting. 

At the time we informed you about the NSC attack, we did not know the extent to which University of Illinois System students’ personal data had been obtained, but NSC assured us that they quickly closed down the unauthorized access by applying additional security measures at the software provider’s direction. 

Today, we have additional details to share resulting from our continued dialogue with NSC. That organization’s review of the files accessed in the attack found that the names and dates of birth of eight University of Illinois Urbana-Champaign students had been accessed, as well as the names and dates of birth of 11 University of Illinois Chicago students. Additionally, the intruders obtained the names of 92,274 Chicago, Springfield, and Urbana-Champaign students from NSC but none of their personal data fields were accessed.

Some key points to keep in mind:

• NSC is contacting the 19 students whose dates of birth were accessed, offering additional support to protect them from unauthorized use of that data. NSC will notify these students directly.
• Experts tell us the other 92,274 students whose names were obtained are not at increased risk as result of that limited exposure.  
• Students who enrolled for the first time this fall in any of our three universities are not affected.

While the vulnerability that enabled this incident was specific and has been reported extensively in the news media, other risks present themselves more subtly and on a much smaller scale.

We will continue to inform you of incidents that rise to this magnitude, but it is a good reminder to maintain a high level of vigilance in protecting university resources and in safely managing your personal business. We strongly encourage you to fully engage in the extensive cybersecurity training provided by the University of Illinois System, and we remind you below of some simple steps you can take to protect your identity.

Thank you, and best wishes for a safe, secure, and spectacular fall semester!

Sincerely,

Nicholas P. Jones
Executive Vice President and Vice President of Academic Affairs
University of Illinois System

Joe Barnes
Chief Digital Risk Officer
University of Illinois System

What can I do to protect my identity?

The University of Illinois System provides resources and strategies to help manage the risk of identity theft. We recommend that you use your right to a free annual credit report from each of the major credit reporting companies. To order your free annual report from one or all the national consumer reporting companies, visit www.annualcreditreport.com, or call toll-free 877-322-8228. Alternatively, you may contact each consumer reporting agency directly as follows: 

Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013 

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 

You may also wish to consider contacting the Federal Trade Commission: 

• Phone: 1-202-326-2222 
• Web: www.ftc.gov or www.consumer.ftc.gov/features/feature-0014-identity-theft.  
• Postal mail: 600 Pennsylvania Avenue NW, Washington, DC 20580.  

Please be aware that you can obtain information from these consumer reporting agencies and/or the Federal Trade Commission about fraud alerts and security freezes.