The National Student Clearinghouse, an educational nonprofit that provides reporting, verification, and research services to colleges and universities in North America, has revealed that nearly 900 schools are impacted by the MOVEit hack.
A ransomware group gained access to information belonging to thousands of organizations and millions of individuals earlier this year by exploiting a zero-day vulnerability in the MOVEit managed file transfer software.
According to cybersecurity firm Emsisoft, which has been keeping track of the organizations that were directly and indirectly impacted by the MOVEit hack, the total number of victims reached 2,053 on September 22. The total number of impacted individuals exceeds 57 million.
One of the impacted organizations is the National Student Clearinghouse, which last week informed the California attorney general’s office that nearly 900 colleges and universities that use its services are impacted by the MOVEit hack.
The National Student Clearinghouse informed Maine’s attorney general in late August that more than 51,000 individuals are affected by the incident.
In data breach notifications sent out to impacted individuals, the organization said its MOVEit server was hacked in late May, but it only determined on June 20 that certain files storing information from the student record database had been stolen.
The National Student Clearinghouse said the compromised information includes name, date of birth, contact information, social security number, student ID number, and school-related records, including degree and enrollment records and course-level data. “The data that was affected by this issue varies by individual,” the organization clarified.
A significant number of major organizations were hit by the MOVEit attack, including the US Department of Energy, Norton parent company Gen Digital, as well as energy giants Siemens Energy, Schneider Electric, and Shell.
Some organizations exposed the personal information of millions of individuals, including French governmental unemployment agency Pole Emploi (10 million), the Colorado Department of Health Care Policy and Financing (4 million), and government services provider Maximus (11 million).
Related: Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers
Related: Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
Related: IBM Discloses Data Breach Impacting Janssen Healthcare Platform
