The National Student Clearinghouse (NSC), a nonprofit organization in the U.S. that provides educational verification and reporting services to schools, employers, and other organizations, has revealed a data breach that affected around 900 U.S. schools using its services. The security breach was the result of a cyber attack that exploited a vulnerability in the MOVEit managed file transfer (MFT).
This attack is linked to the extensive MOVEit hacking campaign that targeted organizations globally in late May. The NSC was informed about a cybersecurity issue involving the MOVEit Transfer solution by Progress Software, their third-party software provider, on May 31, 2023. This tool is used by many organizations, including NSC, to support data file transfers.
Upon being notified of the issue, NSC immediately initiated an investigation with the help of top cybersecurity experts, and also coordinated with law enforcement. The investigation revealed that an unauthorized party had obtained certain files from the MOVEit tool around May 30, 2023.
The cyber attack on May 30 allowed threat actors to access files containing personal information such as names, dates of birth, contact details, Social Security numbers, student ID numbers, and specific school-related records like enrollment records, degree records, and course-level data. The data affected by this issue varies per individual, as stated in the data breach notification letter.
The NSC is urging affected individuals to stay vigilant by checking their account statements and monitoring their free credit reports for any suspicious activity. The Clop ransomware group is suspected to have compromised hundreds of companies worldwide by exploiting a vulnerability in the MOVEit Transfer software. This software is a managed file transfer used by businesses to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The vulnerability is a SQL injection vulnerability that can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. All MOVEit Transfer versions are affected by this vulnerability, except for the cloud version of the product.
In early June, the Clop ransomware group, also known as Lace Tempest, was recognized by Microsoft for the campaign that exploited a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. At that time, the Clop ransomware group posted an extortion note on its dark web leak site claiming to have information on hundreds of businesses.