Another victim has confirmed being impacted by the data breach resulting from the MOVEit zero-day vulnerability exploitation. The Madison College cyber attack, which was announced on the college’s website on July 5, was not directly breached by the Cl0p ransomware group. However, one of Madison College’s partners, The National Student Clearinghouse (NSC), was hacked via the MOVEit file transfer tool.
The NSC is a nonprofit organization that provides services to over 3,600 colleges and universities in North America, accounting for nearly 97% of postsecondary enrollments. One of the services offered by NSC is degree verification and enrollment verification, among other research services.
In a news update addressing the data compromised by the MOVEit transfer cyber attack, Madison College stated that while its own systems were not affected by the event, the NSC had alerted them to the possibility that the breach may have included data provided to NSC by Madison College via MOVEit. The breach occurred when the Cl0p ransomware group targeted the MOVEit MFT software, which is widely used by organizations worldwide.
Madison College was not aware that the files submitted to NSC had been stolen by the hackers. However, the college assured students that it would work with them to provide any necessary resources in the event that their data was found to be exposed.
The NSC published a notice to alert readers about the cyber attack and its potential impact on the colleges and universities it serves. The notice clarified that the NSC’s services were still operational. It stated that the unauthorized party had obtained certain files within the MOVEit environment, which may have included information from the student record database on current or former students. However, at the time the notice was published, there was no evidence to confirm if the enrollment and degree files submitted to the Clearinghouse for verification were compromised.
It remains uncertain whether the hackers attempted to access data related to student records and files exchanged between the Clearinghouse and NSLDS through other environments. The NSL’s MOVEit Transfer system was compromised, prompting the organization to rebuild its entire MOVEit environment to ensure the safety of its customers’ databases. The systems were also patched with security updates issued by Progress Software, the developers of MOVEit.
The Madison College cyber attack is just one of many instances in which the MOVEit software has been exploited by hackers. According to Brett Callow, a Threat Analyst at Emsisoft, Madison College became the 200th organization to confirm being targeted by the MOVEit cyber attack. So far, the list of victims includes 18 US schools, with over 17,561,373 individuals impacted by the security breach. More than 30 voluntary company disclosures have been made regarding this cyber attack.
It is important to note that the information provided in this report is based on internal and external research obtained through various means. Users are responsible for their own reliance on this information, and The Cyber Express assumes no liability for its accuracy or any consequences that may arise from its use.