Data Breach Affects 890 U.S. Schools

Introduction

IT Services has recently discovered a data breach that has impacted 890 schools across the United States. National Student Clearinghouse, a nonprofit educational organization, has reported this breach, which compromised their MOVEit managed file transfer (MFT) server. This breach resulted in the theft of personal information belonging to individuals associated with these schools.

Details of the Breach

According to the breach notification letter submitted to the Office of the California Attorney General, the cyberattack occurred on May 30, 2023. The hackers gained unauthorized access to Clearinghouse’s MOVEit MFT server. Clearinghouse, in collaboration with leading cybersecurity experts and law enforcement, promptly initiated an investigation following the discovery of the breach.

The stolen files contained various types of personally identifiable information (PII), including names, dates of birth, contact information, Social Security numbers, student ID numbers, and certain school-related records such as enrollment and degree information.

Each affected individual may have had different sets of data exposed in the attack. To view the complete list of educational organizations affected by this breach, please click here.

Clearinghouse’s Services

IT Services would like to highlight that Clearinghouse is a crucial provider of educational reporting, data exchange, verification, and research services. They serve approximately 22,000 high schools and 3,600 colleges and universities, accounting for around 97% of students enrolled in public and private institutions.

The Culprit: Clop Ransomware Gang

The cybercriminals responsible for these attacks are known as the Clop ransomware gang. They initiated a series of data theft attacks starting on May 27, taking advantage of a zero-day security flaw in the MOVEit Transfer secure file transfer platform.

As of June 15, the hackers began extorting organizations affected by the attacks. They exposed the names of these organizations on their dark web data leak site. The aftermath of these attacks is expected to impact numerous organizations worldwide, with some already notifying their affected customers over the past four months.

Despite the large number of potential victims, it is estimated that only a limited number will succumb to Clop’s ransom demands. Nevertheless, it is projected that the cybercrime gang will collect an estimated $75-100 million in ransom payments, given their high ransom requests.

In addition to educational institutions, it has been reported that multiple U.S. federal agencies and two U.S. Department of Energy (DOE) entities have also fallen victim to these data theft and extortion attacks. For more information on these incidents, please refer to the following sources: CNN and Federal News Network.

H/T Brett Callow