Connect with us

Malware

Unprecedented Data Breach Shakes Nation’s Education System: 890 Schools Impacted by National Student Clearinghouse MOVEit Breach

The National Student Clearinghouse recently suffered a breach, impacting around 890 schools. Attackers gained unauthorized access to the organization’s File Transfer Service, MoveIt, potentially compromising sensitive information. The incident highlights the significance of robust security measures for educational institutions. Immediate action must be taken to safeguard student data and prevent further breaches in the future.

Published

on

A group of business people in a room with a lot of different icons.

Data Breach Affects 890 U.S. Schools

Recently, U.S. educational nonprofit National Student Clearinghouse reported a data breach that has impacted 890 schools across the United States. The breach notification letter filed with the Office of the California Attorney General disclosed that the attackers accessed the MOVEit managed file transfer (MFT) server on May 30 and stole files containing various personal information.

“On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution,” stated Clearinghouse.

Upon discovering the issue, Clearinghouse promptly launched an investigation with the assistance of leading cybersecurity experts and collaborated with law enforcement agencies.

The stolen documents contain personally identifiable information (PII) such as names, dates of birth, contact details, Social Security numbers, student ID numbers, and certain school-related records like enrollment records, degree records, and course-level data.

The extent of data exposed in the attack varies for each affected person. For a comprehensive list of educational organizations impacted by this significant data breach, please click here.

Clearinghouse is a provider of educational reporting, data exchange, verification, and research services to approximately 22,000 high schools and 3,600 colleges and universities. Their participants account for around 97% of students enrolled in public and private institutions.

Clop Ransomware Group Responsible for MOVEit Hacks

The MOVEit Transfer secure file transfer platform has been targeted by the Clop ransomware gang, resulting in extensive data theft attacks since May 27. The cyber criminals exploited a zero-day security flaw to carry out these attacks.

Starting from June 15, the attackers began extorting organizations that fell victim to the hacks, publicly exposing their names on the dark web data leak site operated by the group.

The fallout from these attacks is expected to impact numerous organizations worldwide, with many already notifying affected customers over the past four months.

Despite the large number of potential victims, Coveware estimates that only a limited number are likely to comply with Clop’s ransom demands. Nevertheless, it is anticipated that the cybercrime gang will collect an estimated $75-100 million in ransom payments due to their high demands.

Reports have also surfaced regarding the data theft and extortion attacks targeting multiple U.S. federal agencies and two entities within the U.S. Department of Energy (DOE).

H/T Brett Callow

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Massive Roblox Vendor Data Breach: Dev Conference Attendee Info Shockingly Exposed

A Roblox vendor data breach has exposed personal information of Roblox Developers Conference attendees. The breach, discovered on November 8, exposed names, billing addresses, and order details of customers, but no financial data. Roblox has since terminated the vendor’s contract and is taking steps to prevent future breaches.

Published

on

Imagine you’re a dedicated developer, excited to attend a prestigious conference to connect with peers and learn about innovative tools in your field. You register, book your flight, and eagerly await the event. Now imagine the disappointment and concern you’d feel if you discovered your personal information had been exposed due to a data breach. Unfortunately, this scenario recently became reality for attendees of the Roblox Developer Conference.

Roblox, a wildly popular online gaming and game creation platform, boasts over 200 million active users, many of whom are young developers eager to design, create, and share games with their community. Each year, the company holds a Roblox Developer Conference (RDC) to provide networking opportunities and learning experiences for these talented individuals.

However, a notice published recently revealed that FNTech, the vendor responsible for handling registration for the conference, suffered a data breach. Unauthorized access to its systems led to the exposure of personal information belonging to attendees of the 2022, 2023, and 2024 RDC events.

What was exposed, and who is affected?

The data breach resulted in the theft of attendees’ full names, email addresses, and IP addresses. According to the data breach notification service Have I Been Pwned (HIBP), 10,386 unique email addresses were exposed. Of these, 63% (6,500) had not been exposed in previous breaches.

Worryingly, this isn’t the first time Roblox developers have been targeted. In July 2023, HIBP added information about nearly 4,000 Roblox developer accounts to its database. These individuals, also RDC attendees, had their data leaked on a hacker forum following a 2021 breach that impacted attendees from 2017 to 2020.

Understanding the risks and taking action

While the recent breach doesn’t directly put Roblox developers in immediate danger, it does increase the likelihood of targeted phishing attacks. Armed with their personal information, cybercriminals could easily craft convincing messages designed to trick developers into revealing even more sensitive data.

In response to the breach, Roblox has taken steps to prevent similar incidents in the future. However, this isn’t the first time the platform and its users have faced security threats. In November 2022, over 200,000 users installed a malicious Chrome extension called SearchBlox, which contained code designed to steal Roblox account credentials.

Don’t let this happen to you!

As an IT Services company specializing in cybersecurity, we understand how devastating data breaches can be, not only to businesses but also to individuals like the RDC attendees. Don’t leave your security to chance—reach out to us for expert advice and support to keep your data safe and secure.

Together, we can help prevent cyberattacks and protect your personal information from falling into the wrong hands. And remember, always stay vigilant and be cautious of any suspicious emails or messages, no matter how convincing they may seem.

Contact us today to learn more about our cybersecurity services, and keep coming back for the latest news and insights in the world of online safety.

Continue Reading

Malware

Shopify Debunks Hacking Claims, Exposes Stolen Data Connection to Third-Party App

Shopify has denied being hacked after suspicious emails were sent to customers, blaming a third-party app for the data breach. The firm’s investigation revealed that the app had accessed and stolen data from Shopify’s API, but the incident was not a security breach of the platform itself.

Published

on

Shopify, the popular e-commerce platform, has recently denied experiencing a data breach after a threat actor started selling customer data that they claimed to have stolen from Shopify’s network. But, don’t worry, it’s not as bad as it seems.

What Shopify had to say

According to Shopify, the company’s systems have not suffered a security incident. They told us, “The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.

This statement comes after a threat actor, known as ‘888’, began selling data they claimed was stolen from Shopify back in 2024.

Selling alleged Shopify data on a hacking forum
Selling alleged Shopify data on a hacking forum
Source: IT Services

What’s in the data?

The threat actor shared data samples that include a person’s Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date. While this information is significant, it’s important to remember that Shopify itself wasn’t directly breached.

Unfortunately, Shopify did not provide any further information about the app from which this customer’s data was stolen.

A history of data leaks

The threat actor, 888, has been linked to previous data sales or leaks allegedly involving companies like Credit Suisse, Shell, Heineken, Accenture India, and Unicef.

It’s also worth noting that in 2020, Shopify disclosed that two “rogue members” of its support team accessed customer transactional records of about 200 merchants. While this is concerning, it’s essential to recognize the proactive steps the company has taken to address security issues.


Stay informed and protect your data

While this particular incident doesn’t seem to be a direct breach of Shopify’s systems, it’s still a reminder to stay vigilant when it comes to our data. Make sure to stay informed about potential threats and take the necessary steps to protect your personal information.

If you’re interested in learning more about cybersecurity and how to keep your data safe, don’t hesitate to contact us and keep coming back for more valuable information.

Continue Reading

Malware

Hackers Expose Supposed Taylor Swift Tickets, Intensify Ticketmaster Blackmail with Power Word

Hackers have leaked alleged Taylor Swift concert tickets and intensified their extortion efforts against Ticketmaster. The group, known as REvil, is demanding a $10 million ransom for the stolen data and threatening to reveal more.

Published

on

Imagine being a die-hard Taylor Swift fan, eagerly awaiting her next concert, and then finding out that your ticket information has been compromised. Well, that’s precisely what happened to a large number of fans recently when hackers leaked the barcode data of 166,000 Taylor Swift Eras Tour tickets. The hackers have warned that more events will be leaked if a $2 million extortion demand isn’t met.

Back in May, a notorious threat actor named ShinyHunters started selling data on 560 million Ticketmaster customers for $500,000. Ticketmaster later confirmed the data breach, stating it was from their account on Snowflake, a cloud-based data warehousing company they use to store databases, process data, and perform analytics.

By April, threat actors had begun downloading Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware. They then blackmailed these companies, demanding payment to prevent the data from being leaked or sold to other threat actors. Companies known to have had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Satander.

When Concert Dreams Turn into Nightmares

Today, a threat actor known as Sp1d3rHunters has leaked what they claim is the ticket data for 166,000 Taylor Swift Eras Tour barcodes used to gain entry on various concert dates.

Sp1d3rHunters, previously named Sp1d3r, is the threat actor behind the sale of data stolen from Snowflake accounts, publicly extorting the various companies for payments. The extortion demand, shared by threat intel service HackManac, reads, “Pay us $2million USD or we leak all 680M of your users’ information and 30 million more event barcodes, including more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL, and thousands more events.”

The post claims the barcode data is for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis. It includes a small sample of the alleged barcode data, containing the value used to create a scannable barcode, seat information, the face value of tickets, and other information. The threat actor even shared details on how to turn this data into a scannable barcode.

While the barcode data wasn’t part of the initial leak of stolen Ticketmaster data samples released by the threat actors in May, some of the newly leaked data can be found in the older leaks, including the hashed credit card and sales order information for the tickets.

The group behind these attacks is ShinyHunters, which has been responsible for many data breaches over the years. These include leaking the data for 386 million user records from 18 companies in 2020, an AT&T breach impacting 70 million customers, and most recently, the leaking of 33 million phone numbers used with the Authy multi-factor authentication app.

Update: Ticketmaster has informed us that unique barcodes are updated every few seconds, so the stolen tickets cannot be used. “Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” Ticketmaster told us. “This is just one of many fraud protections we implement to keep tickets safe and secure.” They also confirmed that they did not engage in any ransom negotiations with the threat actors, disputing ShinyHunter’s claims that they were offered $1 million to delete the data.

Protect Yourself and Stay Informed

This incident is just one example of how vulnerable our personal data can be in the digital age. To stay informed about cybersecurity threats and how to protect yourself, make sure to keep coming back to our IT Services page. Our team of experts is dedicated to helping you stay one step ahead of cybercriminals. Don’t let hackers ruin your concert experience or compromise your personal information. Stay informed and stay safe.

Continue Reading

Trending

Copyright © 2023 IT Services Network.