Third-party cybersecurity incident affects BTC community

Bellingham Technical College has been notified by the National Student Clearinghouse (NSC) of a cybersecurity incident that may have exposed personally identifiable information of BTC students.

The cybersecurity incident involved data maintained by the National Student Clearinghouse, which provides educational reporting, data exchange and degree verification services to more than 3,600 colleges and universities nationwide. The exposure was part of a global data security incident involving MOVEit, a file transfer software used by thousands of organizations around the globe, including the National Student Clearinghouse. As has been reported in the press, this MOVEit incident has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations.

The Clearinghouse began its internal investigation immediately after learning about the vulnerability and found that files had been accessed or taken. The Clearinghouse has notified data providers whose information appeared in the affected files, and Bellingham Technical College was among those notified. Learn more details about the incident and how the National Student Clearinghouse is handling it on the NSC website.

At this time, BTC has not been provided additional details from NSC about which student data was impacted. The second phase of the NSC investigation is happening now to identify that information and is expected to be completed soon. NSC will then provide colleges with a list of individuals at their organization who have been affected and the types of personally identifiable information that may have been included, such as names, dates of birth, contact information, enrollment and degree information, student identification numbers, and Social Security numbers. The National Student Clearinghouse will notify those impacted students using the address that BTC has on file.

We understand this news may cause stress and recognize the uncertainty that this incident brings to our community. BTC is working diligently to track this situation and will provide timely updates on this page.

Aug. 9 Update

BTC received an update from the National Student Clearinghouse (NSC) Wednesday, Aug. 9, about its ongoing investigation of the MOVEit cybersecurity incident.

NSC reported that its investigation did not identify any individuals associated with BTC whose Social Security number, student identification number or date of birth was included in the affected files. NSC reported to BTC that the type of information that was included varies by individual, and for BTC’s affected data, it generally included names, contact information, and educational information such as enrollment, degree, and course data.

NSC also reported that it will not be notifying individuals directly about the breach because no SSN, student ID or birth dates were included for BTC’s affected files. NSC reported it will provide BTC with the names of the individuals whose personal information was identified in the affected files within the next week. BTC will update this site as it learns more from NSC.

What steps can I take to protect myself?

The Federal Trade Commission offers recommendations if you think your personal information has been compromised.

These steps include:

Closely monitor your credit reports.

You can obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.

Place a fraud alert on your accounts.

A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.

Freeze your credit at each of the three major credit reporting agencies.

If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission at www.identitytheft.gov

Block electronic access to your Social Security information.

Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.