MOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
National Student Clearinghouse, a nonprofit that provides enrollment and other services for thousands of colleges and universities across North America, is the latest organization breached by the MOVEit flaw.
The organization put out a list of impacted institutions filled with nearly 900 schools.
"The unauthorized party obtained certain files within the Clearinghouse's MOVEit environment, which may have included information from the student record database on current or former students," a statement from the National Student Clearinghouse said. "We have no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications."
The statement added that the threat actors were not able to access anything outside its MOVEit environment, which has been rebuilt inside the organization to protect against similar cyberattacks in the future, it stressed.
John Bambenek, principal threat hunter at Netenrich, effectively accused any cybersecurity leader who has not shored up their MOVEit environment after months of reported breaches, of malpractice.
"The vulnerability (and patch) have been known for four months," Bambenek said in a statement. "For organizations still using a vulnerable version of MOVEIt, the most important thing they should do is fire the CISO, because there is no excuse for not having remediated it by now."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024