Two vendors notified Peninsula College of a cybersecurity incident that may have exposed information of current students and employees, college officials said in a press release on July 19.

The issue involved MOVEit Transfer, a popular file sharing application MOVEit Transfer used by hundreds of businesses and organizations worldwide. Though Peninsula College does not use the MOVEit software, two of the college’s vendors do and recently contacted the college about the potential exposure of personally identifiable information, college officials said.

The college has set up a website (pencol.edu/third-party-cybersecurity-incident-impacts-pc-community-members) with more information on the incident, which will update as more details become available.

The two vendors that have contacted Peninsula College are the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA).

PC contracts with NSC on a number of endeavors, including enrollment and degree verification services as well as student loan reporting requirements.

The National Student Clearinghouse is a nonprofit organization that provides educational reporting, data exchange, and verification services to more than 3,600 colleges and universities nationwide. Personally identifiable information and student education records are provided to NSC as part of this work.

Additional details about the incident are available on NSC’s website: alert.studentclearinghouse.org.

For more information, call TIAA’s National Contact Center 1-800-842-2252.

The college expects NSC and Pension Benefit Information, LLC, will contact impacted individuals directly, as required by law. The timeline of that notification is unknown.

Peninsula College is sending this message to inform students and employees so they can take steps to keep their identity as secure as possible.

Any members of the PC community who believe their personal information may have been compromised are advised to follow the recommendations of the Federal Trade Commission:

• Place a fraud alert on your accounts.

• A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.

• Freeze your credit at each of the three major credit reporting agencies.

If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at identitytheft.gov.

• Block electronic access to your Social Security information.

• Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.