Cyber Incident Victim: Temple University

Temple University's Information Technology Services (ITS) became aware of a significant security incident through notifications received from two of its service providers, the National Student Clearinghouse (NSC) and TIAA. These notifications, received over a period of several weeks leading up to the end of May 2023, informed the university that a data breach had occurred. The breach was not a direct intrusion into Temple University's own internal systems but was instead related to a third-party file transfer tool known as MOVEit Transfer. This tool was utilized by both NSC and TIAA for handling data, and the security vulnerability within it led to a compromise of information. The incident was not isolated to these two providers or to Temple University; it was part of a much larger, widespread cyber event that impacted a broad array of organizations across the United States. Educational institutions, governmental bodies, and research organizations were among the many entities nationwide that were affected by this exploitation of the MOVEit software.

Upon receiving these notifications, Temple University's ITS department immediately initiated a process to gather additional and more precise details from both the National Student Clearinghouse and TIAA. The primary objective of this information-gathering phase was to understand the full scope and scale of the breach's impact specifically on the Temple University community. This involved determining exactly what types of data were potentially exposed, which individuals within the university's ecosystem—including students, faculty, staff, and possibly alumni—were affected, and the extent of the data that was accessed or exfiltrated. The university recognized the seriousness of the situation and the potential risk to its constituents' personal information, prompting a coordinated effort to assess the damage and formulate a comprehensive response plan in collaboration with the affected service providers.

The nature of the incident centered on a critical vulnerability within the MOVEit Transfer application, a widely used platform for secure managed file transfers. Threat actors identified and exploited this vulnerability to gain unauthorized access to systems and data stored by organizations using the software. Since both NSC and TIAA employed this tool in their operations with Temple University, the data they were handling on the university's behalf became caught up in the broader attack. The National Student Clearinghouse is a vital organization for the higher education sector, providing critical services such as student verification, enrollment reporting, and degree verification. TIAA is a major financial services organization that provides retirement and investment services to many academic and non-profit institutions. The involvement of these two particular providers meant that a wide spectrum of sensitive data could potentially be involved, from academic and enrollment records to personally identifiable information and financial details.

To ensure transparent and timely communication with its entire community, Temple University's leadership, specifically Larry Brandolph, the Vice President for Information Technology and the University Privacy Officer, distributed a comprehensive email to all students, faculty, and staff on July 12, 2023. This communication served as the official university announcement regarding the incident. The email provided complete details about the breach as they were understood at that time, explaining the origin of the event through the third-party providers and the MOVEit vulnerability. It also directed individuals to a dedicated resource for ongoing information and updates. The university established a central webpage at its.temple.edu/security-incident-response-and-investigation to act as a hub for all related information, ensuring that the community had a single, authoritative source to reference for the latest developments and guidance.

The incident continued to be an active and evolving situation throughout July 2023, as evidenced by the ongoing updates provided by the university. The initial article noting the breach was posted on May 31, but the situation required continuous monitoring and investigation. The last update recorded for this particular status item was on Sunday, July 23, 2023, at 06:04 PM, indicating that the university was actively working on the issue for a significant duration, providing the community with new information as it became available from NSC and TIAA. This sustained effort highlights the complexity involved in managing a cybersecurity incident that originates from a third party, as the affected organization is largely dependent on the external providers for crucial forensic details and the specifics of the data compromise. Temple University's response was characterized by a methodical approach focused on gathering accurate information from its partners before relaying it to its community, thereby avoiding speculation and providing facts. The overarching narrative of this incident is one of a university responding to a external cyberattack that impacted its service providers, leading to a potential compromise of community data, and the subsequent efforts to manage the fallout through investigation and transparent communication.