{"id":146580,"date":"2023-07-14T11:53:03","date_gmt":"2023-07-14T15:53:03","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?p=146580"},"modified":"2023-10-30T09:55:40","modified_gmt":"2023-10-30T13:55:40","slug":"moveit-software-vulnerability-and-third-party-breaches","status":"publish","type":"post","link":"https:\/\/www.bu.edu\/tech\/2023\/07\/14\/moveit-software-vulnerability-and-third-party-breaches\/","title":{"rendered":"MoveIT software vulnerability and third-party breaches\u00a0"},"content":{"rendered":"<p>In late May, Boston University became aware of a vulnerability in a file transfer software package called \u201cMoveIT\u201d made by Progress Software.\u202f The federal Cybersecurity &amp; Infrastructure Security Agency (CISA)\u00a0<a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/06\/01\/progress-software-releases-security-advisory-moveit-transfer\">released an advisory on this topic<\/a>\u00a0on June 1st.<\/p>\n<p>Boston University is not a customer of MoveIT and was not directly affected by this vulnerability.<\/p>\n<p>We have received notifications from three vendors that we work with that they have suffered data breaches because of this vulnerability that may impact portions of our community.\u202f We take the protection of our community\u2019s data seriously and are working with these vendors to ensure any individuals who are impacted are made aware of the breach.<\/p>\n<p>The vendors that have notified us to date include:<\/p>\n<ul>\n<li><span>NASCO, a subcontractor to Blue Cross Blue Shield of Massachusetts (BCBSMA) which had access to data for employees enrolled in BCBSMA health plans. Questions regarding NASCO can be sent to <\/span><a href=\"mailto:hr@bu.edu\" data-ogsc=\"\" title=\"mailto:hr@bu.edu\">hr@bu.edu<\/a><span>.\u00a0Affected individuals will receive notifications directly from NASCO.<\/span><\/li>\n<li>Pension Benefit Information (PBI), a subcontractor to both Fidelity Investments and Teachers Insurance and Annuity Association of America (TIAA), which had access to data for some select employees.\u00a0 Questions regarding these vendors can be sent to hr@bu.edu.\u00a0Affected individuals will receive notifications directly from these vendors.<\/li>\n<li>National Student Clearinghouse (NSC), a nonprofit and nongovernmental organization and the leading provider of educational reporting, data exchange, verification, and research services, which had access to some student data. NSC has\u00a0<a href=\"https:\/\/alert.studentclearinghouse.org\/\">posted a public notice<\/a>about this breach. As of July 13th, 2023, we do not have any more details than what is in the public advisory. We expect additional updates in coming weeks and will update this notice accordingly.\u00a0On August 14th, 2023, we learned that a very small number of BU students were impacted. These students will receive notification from the University Registrar.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In late May, Boston University became aware of a vulnerability in a file transfer software package called \u201cMoveIT\u201d made by Progress Software.\u202f The federal Cybersecurity &amp; Infrastructure Security Agency (CISA)\u00a0released an advisory on this topic\u00a0on June 1st. Boston University is not a customer of MoveIT and was not directly affected by this vulnerability. We have&#8230;<\/p>\n","protected":false},"author":4352,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[795,1867,17001],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/146580"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=146580"}],"version-history":[{"count":3,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/146580\/revisions"}],"predecessor-version":[{"id":148568,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/posts\/146580\/revisions\/148568"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=146580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/categories?post=146580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/tags?post=146580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}