Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse.

The National Student Clearinghouse, an educational nonprofit that provides reporting, verification, and research services to colleges and universities in North America, has revealed that nearly 900 schools are impacted by the MOVEit hack.

A ransomware group gained access to information belonging to thousands of organizations and millions of individuals earlier this year by exploiting a zero-day vulnerability in the MOVEit managed file transfer software.

According to cybersecurity firm Emsisoft, which has been keeping track of the organizations that were directly and indirectly impacted by the MOVEit hack, the total number of victims reached 2,053 on September 22. The total number of impacted individuals exceeds 57 million.  

One of the impacted organizations is the National Student Clearinghouse, which last week informed the California attorney general’s office that nearly 900 colleges and universities that use its services are impacted by the MOVEit hack.

The National Student Clearinghouse informed Maine’s attorney general in late August that more than 51,000 individuals are affected by the incident.

In data breach notifications sent out to impacted individuals, the organization said its MOVEit server was hacked in late May, but it only determined on June 20 that certain files storing information from the student record database had been stolen. 

The National Student Clearinghouse said the compromised information includes name, date of birth, contact information, social security number, student ID number, and school-related records, including degree and enrollment records and course-level data. “The data that was affected by this issue varies by individual,” the organization clarified.

A significant number of major organizations were hit by the MOVEit attack, including the US Department of Energy, Norton parent company Gen Digital, as well as energy giants Siemens Energy, Schneider Electric, and Shell

Advertisement. Scroll to continue reading.

Some organizations exposed the personal information of millions of individuals, including French governmental unemployment agency Pole Emploi (10 million), the Colorado Department of Health Care Policy and Financing (4 million), and government services provider Maximus (11 million).

Related: Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers

Related: Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach

Related: IBM Discloses Data Breach Impacting Janssen Healthcare Platform

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.