This is an update to provide important information about the Clearinghouse’s response to the MOVEit cybersecurity issue. As you know from our prior bulletin, an unauthorized third party exploited a vulnerability in the MOVEit Transfer software to obtain certain files transferred through the software, including files containing personal information that the Clearinghouse maintains on behalf of NMMI.

The Clearinghouse has engaged Kroll, an incident response service provider, to help the Clearinghouse provide NMMI with information about the individuals whose personal information was affected and to support the notification process.

What Information Was Involved?

The files obtained by the unauthorized third party contained personal information pertaining to current and former students of educational institutions and customers of education finance organizations.  The types of personal information that were included in the files varied by individual.  For NMMI’s affected data, they generally included names, contact information, and educational information such as enrollment, degree, and course-level data (the course-level data was contained in files such as transcripts and Postsecondary Data Partnership reports).

They did not identify any individuals associated with NMMI whose Social Security number (“SSN”), student identification number (“Student ID”), or date of birth (“DOB”), as provided by NMMI, was included in the affected files.

 Next Steps

 NMMI will continue to seek all the information we can get from Kroll and provide additional information when received.

National Student Clearinghouse (NSC) recently notified New Mexico Military Institute (NMMI) that NMMI may be impacted by a possible data security breach involving the MOVEit Transfer tool used by NSC. Many institutions around the country, including NMMI, transfer personally identifiable data through NSC, as required by the U.S. Department of Education for use in the National Student Loan Data System (NSLDS), for college students only.

While NMMI does not use this tool, the NSC does use the tool to transfer data files. NMMI systems were unaffected by this event and were not compromised. NSC’s investigation remains ongoing. Once they have completed their review, they will follow-up with NMMI regarding the impact to our institution, including a list of individuals affected. NMMI will continue to monitor the situation and will share any additional information when it becomes available. We encourage you to monitor your own personal information while we work with NSC to resolve this issue.

High school cadet data, including those high school cadets enrolled in college courses, is not reported through NSC; thus, it was definitely not impacted.

Learn more about NSC’s response

MOVEIt Transfer tool news