MOVEit Flaw Leads to 900 University Data BreachesMOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
September 25, 2023
National Student Clearinghouse, a nonprofit that provides enrollment and other services for thousands of colleges and universities across North America, is the latest organization breached by the MOVEit flaw.
The organization put out a list of impacted institutions filled with nearly 900 schools.
"The unauthorized party obtained certain files within the Clearinghouse's MOVEit environment, which may have included information from the student record database on current or former students," a statement from the National Student Clearinghouse said. "We have no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications."
The statement added that the threat actors were not able to access anything outside its MOVEit environment, which has been rebuilt inside the organization to protect against similar cyberattacks in the future, it stressed.
John Bambenek, principal threat hunter at Netenrich, effectively accused any cybersecurity leader who has not shored up their MOVEit environment after months of reported breaches, of malpractice.
"The vulnerability (and patch) have been known for four months," Bambenek said in a statement. "For organizations still using a vulnerable version of MOVEIt, the most important thing they should do is fire the CISO, because there is no excuse for not having remediated it by now."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Modernize your Security Operations with Human-Machine Intelligence
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report