US Educational Institutions Compromised Through MOVEit
US Educational Institutions Compromised Through MOVEit

Image: iStrfry, Marcus (unsplash)

The ongoing MOVEit situation has identified even more affected entities, with the revelation that 890 US educational institutions affiliated with it experienced unauthorized data access.

The National Student Clearinghouse provides various services, including degree verification and enrollment validation. It boasts an impressive network, which consists of 3,600 colleges and universities and an additional 22,000 high schools.

In a disclosure notice featured on the Office of the California Attorney General’s website, the non-profit disclosed the magnitude of a data incident from May that affected numerous member institutions.

The organization got wind of the matter involving the MOVEit managed file transfer software from its creators at Progress Software.

Upon discovery, the National Student Clearinghouse acted swiftly, launching an in-depth inquiry with the guidance of leading data protection specialists and collaborating with relevant authorities. Their investigation revealed that on June 20, 2023, unauthorized individuals accessed specific files using the MOVEit platform. The unauthorized access appears to have taken place approximately on May 30, 2023.

The acquired files by the unauthorized entity consisted of personal details, including individuals’ names, birth dates, contact information, Social Security numbers, student IDs, and specific academic records, such as enrollment logs, degree documentation, and course data. The scope of the data compromise varied from one individual to another.

In response, the National Student Clearinghouse updated the software to address the vulnerability and enhanced its surveillance measures. Furthermore, they have offered the affected parties identity monitoring services for a two-year span.

A comprehensive list shows that the compromised academic entities span a wide range across the US.

The financial implications stemming from the MOVEit incident continue to be ascertained. Nonetheless, it’s estimated that numerous organizations, including the likes of the National Student Clearinghouse, experienced repercussions, influencing millions of end-users and clientele worldwide.

Industry analysts speculate that the malevolent group Clop might stand to profit substantially, potentially up to $100 million, by capitalizing on these compromised entities, given that even a minor fraction of them agrees to their demands.