National Student Clearinghouse Data Breach Affects 900 US Schools

September 24, 2023

The National Student Clearinghouse (NSC), a nonprofit organization in the U.S. that provides educational verification and reporting services to schools, employers, and other organizations, has revealed a data breach that affected around 900 U.S. schools using its services. The security breach was the result of a cyber attack that exploited a vulnerability in the MOVEit managed file transfer (MFT).

This attack is linked to the extensive MOVEit hacking campaign that targeted organizations globally in late May. The NSC was informed about a cybersecurity issue involving the MOVEit Transfer solution by Progress Software, their third-party software provider, on May 31, 2023. This tool is used by many organizations, including NSC, to support data file transfers.

Upon being notified of the issue, NSC immediately initiated an investigation with the help of top cybersecurity experts, and also coordinated with law enforcement. The investigation revealed that an unauthorized party had obtained certain files from the MOVEit tool around May 30, 2023.

The cyber attack on May 30 allowed threat actors to access files containing personal information such as names, dates of birth, contact details, Social Security numbers, student ID numbers, and specific school-related records like enrollment records, degree records, and course-level data. The data affected by this issue varies per individual, as stated in the data breach notification letter.

The NSC is urging affected individuals to stay vigilant by checking their account statements and monitoring their free credit reports for any suspicious activity. The Clop ransomware group is suspected to have compromised hundreds of companies worldwide by exploiting a vulnerability in the MOVEit Transfer software. This software is a managed file transfer used by businesses to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability that can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. All MOVEit Transfer versions are affected by this vulnerability, except for the cloud version of the product.

In early June, the Clop ransomware group, also known as Lace Tempest, was recognized by Microsoft for the campaign that exploited a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. At that time, the Clop ransomware group posted an extortion note on its dark web leak site claiming to have information on hundreds of businesses.

Related News

• Clop Ransomware Gang Targets Major North Carolina Hospitals
• Massive MOVEit Hack Affects Nearly 1,000 Organizations and 60 Million Individuals
• Rapid7 Report Highlights High ROI for Ransomware and Increasing Use of Zero-Day Exploits
• Colorado Alerts 4 Million Citizens of Data Breach Following IBM MOVEit Exploit
• Rise in Ransomware Attacks Through Zero-Day Exploits: An Analysis

Latest News

• Spyware Attacks Exploit Recently Patched Apple, Chrome Zero-Days
• Emergency Security Update iOS 17.0.1: A Critical Alert for All iPhone Users
• Atlassian Issues Patches for High-Risk Vulnerabilities in Multiple Products
• Omron Addresses PLC and Engineering Software Vulnerabilities Uncovered During ICS Malware Investigation
• Nagios XI Network Monitoring Software Vulnerabilities Uncovered