- The fan-favorite 8TB T5 Evo SSD is almost 50% off at Samsung for Black Friday
- This Samsung projector is secretly the best gaming console you can buy, and it's on sale for Black Friday
- I tested the best Mint alternatives, and this is my favorite money app
- 5 ways to achieve AI transformation that works for your business
- Tech winners and losers of 2024: For every triumph, a turkey
Almost US 900 Schools Breached Via MOVEit
The MOVEit sagas continues to claim more victims, after an education non-profit revealed that 890 US schools signed up with it had been breached.
The National Student Clearinghouse offers degree and enrolment verification services, among other things, with a network of 3600 participating colleges and universities, and 22,000 high schools.
However, in a breach notification letter posted to the website of the Office of the California Attorney General, the non-profit revealed for the first time the scale of a May data breach impacting many of these members.
It said it was informed about the incident involving managed file transfer software MOVEit by its developer Progress Software.
Read more on MOVEit: Critical Zero-Day Flaw Exploited in MOVEit Transfer
“After learning of the issue, we promptly initiated an investigation with the support of leading cybersecurity experts. We have also coordinated with law enforcement. Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023,” the notice explained.
“The relevant files obtained by the unauthorized third party included personal information such as name, date of birth, contact information, Social Security number, student ID number, and certain school-related records (for example, enrollment records, degree records, and course-level data). The data that was affected by this issue varies by individual.”
The National Student Clearinghouse said it has patched the software and put additional monitoring capabilities in place, while also offering victims identity monitoring services for two years.
The full list of impacted education institutions covers schools, colleges and universities across the US.
The total cost of the MOVEit operation is still being counted, although hundreds of organizations like the National Student Clearinghouse are thought to have been impacted, affecting millions of downstream users and customers across the globe.
Experts have suggested that ransomware outfit Clop could make as much as $100m from extorting these victims, even if just a small percentage pay up.