Skip to Main Content Skip to bottom Skip to Chat, Email, Text

Notice regarding National Student Clearinghouse MOVEit Incident 

Posted August 3, 2023

There has been an incident involving one of our service providers, National Student Clearinghouse (NSC). We are providing the details we know at this point in time and will keep you updated via this post in the University of Phoenix's Media Center.

The NSC provides a variety of services to a wide spectrum of educational institutions, from kindergartens to universities, including to the University of Phoenix. In providing those services, they transmit and receive data from educational institutions using a secure file transfer solution called MOVEit Transfer (“MOVEit”). Unfortunately, a previously unknown vulnerability in the MOVEit file transfer software may have caused certain data within NSC to have been accessed without authorization. An investigation is ongoing. Information about the NSC incident is available here.

We should note that the University of Phoenix does not use the MOVEit software; therefore, our data systems were not affected by the incident. However, we have been informed by NSC that data pertaining to University of Phoenix students may have been affected. We are working with NSC to determine what data may have been affected. Information about the NSC incident is available here.

If your information is affected, you will be notified directly. In the meantime, you can take one or more of the steps explained in the following FAQs to protect your personal information.

FAQs

  • An incident occurred which involved data transmitted by third-party service providers to educational institutions and corporations around the world.
  • One of the primary service providers to educational institutions is the National Student Clearinghouse (NSC). The NSC provides a variety of services to a wide spectrum of educational institutions, from kindergartens to universities.
  • The NSC provides services to around 3,600 colleges nationwide, representing nearly all (97 percent) of postsecondary enrollment in the country.
  • In providing services to educational institutions, the NSC transmits and receives data using a secure file transfer protocol involving MOVEit Transfer software (“MOVEit”). Unfortunately, the MOVEit file transfer software was accessed without authorization which may have caused certain data to have similarly been accessed without authorization. 
  • The NSC recently notified the University of Phoenix that current and former student information may have been affected, although they represented that they do not yet know of any specific student information that may have been affected. 

  • Review Your Account Statements and Notify Financial Institution and Law Enforcement of Suspicious Activity: As a precautionary measure, you should remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities.
  • Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified below. Additional information is available at http://www.annualcreditreport.com.

Equifax
P.O. Box 105851
Atlanta, GA 30348
1-800-525-6285
www.equifax.com

Experian
P.O. Box 9532
Allen, TX 75013
1-888-397-3742
www.experian.com 

TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-916-8800
www.transunion.com

  • Security Freeze: You have the right to put a security freeze on your credit file for up to one year at no cost.  This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. 

  • University of Phoenix takes the security of student information extremely seriously and has rigorous procedures in place to vet our partners for their cybersecurity practices.
  • The NSC is a nationwide organization that serves many universities. The vulnerability occurred with one of NSC’s vendors, the secure file transfer software MOVEit Transfer.
  • Prior to the incident, the secure file transfer software MOVEit, was recognized throughout the industry as a secure means of transmitting data.