Clearinghouse Gets An F- Grade For Data Breach Affecting Nearly 900 US Schools
Earlier this week, the National Student Clearinghouse reported that a breach had taken place in May of this year. Per the breach notice, the NSC was notified by its third-party software provider that there was an issue with the MOVEit Transfer software. This triggered an investigation into the tool, given the recent breaches involving the software, which led to the discovery that an “unauthorized party obtained certain files from the MOVEit tool.”
This breach led to the compromise of files that contained “personal information such as name, date of birth, contact information, Social Security number, student ID number, and certain school-related records (for example, enrollment records, degree records, and course-level data).” However, it is also noted that the data compromised varies from person to person, as not all affected people had all their information in the breached files. Regardless, given the severity of this breach, NSC is offering free two years of identity monitoring services to all affected by the breach.
It is believed that this breach is thanks to the Clop ransomware group, which has compromised a slew of organizations thanks to the MOVEit vulnerability. This includes a residential energy provider based out of New England as well as photography and personalized items manufacturing company Shutterfly. However, Clop has not yet claimed National Student Clearing House, so we will have to wait and see if it was that group responsible for the attack.