The non-profit organization, which delivers reporting, verification and research services to higher education institutions across North America, informed the state of Maine’s attorney general in late August that more than 51,000 individuals are affected by this most recent incident.
Emsisoft, which has been keeping track of the organizations that were directly and indirectly impacted by the MOVEit hack, reported that the total number of victims from all the hacks reached 2,053 on Sept. 22. The total number of impacted individuals exceeds 57 million.
Progress Software, maker of the MOVEit software, disclosed on May 31 that a critical zero-day vulnerability in the application allowed unauthorized third parties to access its customers’ MOVEit environments.
In an alert about this most recent incident, the National Student Clearinghouse said that the unauthorized party obtained certain files within the Clearinghouse’s MOVEit environment that may have included information from the student record database on current or former students. The Clearinghouse said it has no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications.
The Clearinghouse has contracted with a third-party cybersecurity firm to conduct an investigation and has contacted law enforcement. It said the attack only involves its MOVEit file transfer application.
As cyber teams continue to address this spate of attacks, the news should serve as a wake-up call to every organization that security teams must remediate this serious zero-day vulnerability immediately, said Darren Guccione, co-founder and CEO at Keeper Security. However, Guccione said that as any organization grows and becomes a more appealing target, the quality and focus of these attacks will increase accordingly.
“All organizations should take a proactive approach to regularly update software and immediately patch vulnerabilities that are being actively exploited in the wild,” said Guccione. “Organizations…