The University says that the stolen data is from as far back as 2021, possibly earlier, meaning that graduates may have been impacted.
The leak of this data is not the result of a direct breach of any systems operated or maintained by CSU but rather a compromise of the University’s service vendors, TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife, and The Hartford.
All of these providers utilized the MOVEit Transfer security file transfer platform, which was breached in a wave of data-theft attacks in May 2023.
Read more from Bleeping Computer.
