How has ransomware group Clop’s MOVEit data breach impacted higher education institutions?
Cybersecurity attacks have been happening all over the country exposing a security issue Involved with Progress Software’s MOVEit Service.
The ransomware group Clop is believed to have targeted a vulnerability in the MOVEit file-transfer program that allows third parties to view and share large sensitive data sent by the tool’s users.
Clop is believed to have targeted over 3,000 organizations in the U.S. and reportedly stolen at least 38 million individual records, including information on the student record database.
Several colleges, including UCLA, St. Mary’s University, Webster University, Trinity College and Middlebury College, have expressed concerns stating they have been caught up in the cyberattack. The extent of the impact on the higher education sector continues to grow, with some of the most high-profile names sharing their situation below.
- The National Student Clearinghouse has just reported a cybersecurity problem belonging to the MOVEit breach. The National Student Clearinghouse is tasked with collecting enrollment and other student data for colleges across America. According to its ongoing investigation, authorities determined these files were accessed through the Clearinghouse’s MOVEit program. The National Student Clearinghouse is unsure of what data has been breached but the organization is certain student record database files were minimally accessed and potentially exfiltrated by Clop. The Clearinghouse is now seeking support from law enforcement and global cybersecurity firms.
- One of TIAA’s third party vendors, PBI Research Services (“PBI”), also has been affected by the MOVEit breach. PBI’s job is to handle private information for insurance organizations and pension funds. Due to this breach, PBI is offering compromised customers two years of free credit monitoring.
- Several colleges including Webster, Trinity and Middlebury reported they were impacted by both the TIAA and Clearinghouse breaches. TIAA performs work for more than 15,000 institutions so this breach could prove to be quite costly.
- Announced recently, the California State Teachers’ Retirement System (CalSTRS) and the California Public Employees’ Retirement System (CalPERS) have been affected by the MOVEit hack. CalPERS mentioned that this incident impacted personal information from roughly 770,000 of its members. CalPERS is taking intensive action to protect and serve its members’ financial interest.
- The University System of Georgia has also been hit by this wave of cybersecurity breaches. They are unaware of whether their system contracted Clop or paid a ransom. Their experts are designing software updates to fix the security problem.
- Another cybersecurity incident related to the MOVEit breach has been discovered within John Hopkins University and John Hopkins Health System. Some of the data included names, health billing records and contact information. The university said it will be reaching out to impacted members.
How Can Schneider Downs Help?
If you believe your organization was impacted by the MOVEit attack or have any other questions, please contact our team at [email protected].
About Schneider Downs Higher Education Services
The Schneider Downs Higher Education industry group is a dedicated team of experienced professionals specializing in serving institutions from high schools to universities. Our experience in audit and assurance, tax advisory, technology and data and more allow our professionals to stay ahead of the latest trends, developments and challenges within the education sector and provide timely and practical solutions to our clients.
To learn more, visit our Higher Education Industry Group page.
About Schneider Downs Cybersecurity
The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit www.schneiderdowns.com/cybersecurity.
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.