Hundreds of US schools compromised following ransomware hack

Non-profit servicing hundreds of schools breached

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The National Student Clearinghouse has become the latest major victim of the infamous MOVEit managed file transfer breach.

However, the problem is - this organization is a service provider, servicing thousands of high schools and colleges across the US, and as a result, almost 900 schools have had sensitive data taken.

In a breach notification letter posted on the website of the Office of the California Attorney General, the National Student Clearinghouse confirmed the breach and detailed which information was taken.

Hundreds of victims

“After learning of the issue, we promptly initiated an investigation with the support of leading cybersecurity experts. We have also coordinated with law enforcement. Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023,” the notice reads.

“The relevant files obtained by the unauthorized third party included personal information such as name, date of birth, contact information, Social Security number, student ID number, and certain school-related records (for example, enrollment records, degree records, and course-level data). The data that was affected by this issue varies by individual.”

The National Student Clearinghouse is a non-profit organization providing educational reporting, verification, and research services to colleges and universities in North America. More than 3,600 colleges and universities are part of this network, as are some 22,000 high schools.

The organization said it patched its MOVEit instance and placed additional monitoring capabilities on its endpoints. At the same time, it gave the victims two years of identity monitoring services.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The National Student Clearinghouse is just the latest in a long string of victims of a supply chain attack that started with the breach of MOVEit.

MOVEit is a managed file transfer service used by hundreds of organizations and corporations, both in the private and public sectors. It was compromised by a knownransomwareactor - Cl0p. Infosecurity Magazine says, citing experts, that the threat actor could make as much as $100 million by extorting the victims of the breach, without breaking a sweat.

ViaInfosecurity Magazine

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time