Aerial view of campus with Williamsport, the Susquehanna River and Bald Eagle Mountain as a backdrop

National Data Breach Impacts National Student Clearinghouse and TIAA

Dear campus community,

We are writing to let the Lycoming community know about a privacy breach that has impacted multiple organizations and institutions of higher education across the U.S., including two external service providers with which Lycoming partners, the National Student Clearinghouse (NSC) and TIAA. It is important to note that no systems maintained by Lycoming College were breached. To date, the College has received notification from NSC concerning possible impact to Lycoming students. We’ve not received any notification from TIAA concerning impact to faculty or staff.  

This data breach involves a vulnerability in MOVEit, which is widely used data transfer software. At this time, neither NSC nor TIAA have shared specifics about the data that may have been compromised. In addition, no communications have been received from Progress Software—the company that owns MOVEit. We do know, however, that data that is shared with both NSC and TIAA includes personally identifiable information such as Social Security numbers and dates of birth. Currently, the extent of the breach and the specific impact on Lycoming students, faculty and staff is unclear, but we expect NSC, TIAA, and/or Progress Software will contact directly any affected individuals with information regarding next steps.  

While we do not have any information regarding malicious use of the data that was compromised, we do want to share the following recommendations to protect your personal information: 

  • Regularly review credit card activity and bank accounts.        
  • Place fraud alerts and credit freezes with major credit bureaus. This can prevent misuse of your personal information. For more information, see FTC Consumer Advice.            
  • Exercise caution with suspicious emails and communications.  
  • Update passwords. Longer passwords are encouraged. Use unique passwords for each website and application you access.  

In summary, this data breach did not involve Lycoming College systems. Our Information Security Incident Response Team, comprised of members of ITS, faculty, and administrators in various divisions, has been meeting frequently. They will continue to monitor the situation actively and provide updates as warranted. If you have any questions or concerns, please do not hesitate to email   


Robert L. Dunkleberger

Associate Vice President for Library & Information Technology Services