MOVEit breach hits education sector

The biggest infosec story in the news right now has caught multiple sectors in its net: the hack of the MOVEit file transfer tools.  From government to utilities to finance, students and teachers to public employees and retirees, it feels like no one has been exempted.  Over 16 million people in more than 150 institutions have been affected by the breach, the result of a substantial campaign by the Russian-affiliated Clop ransomware group.  And that sum is just the total from the 12 organizations that have disclosed specific numbers.  Who knows how many more were caught up in the other hundred-plus breaches?  Around 3.5 million drivers’ license holders in Oregon alone, and 6 million Louisiana residents, had their data compromised.

Education is one of the most noteworthy targets – the National Student Clearinghouse, an ever present charity that works with thousands of schools across the U.S., is a significant name among affected entities.  The University of California, Los Angeles (UCLA) was also impacted, and has since brought in cybersecurity specialists to assist in its investigation. 

Other institutions have felt a domino effect from the breach.  A certain third-party vendor, known as Pension Benefit Information (PBI), utilized the MOVEit file transfer.  Well, PBI is employed by the Teachers Insurance and Annuity Association of America (TIAA), which transitively became a victim of the breach as a result.  The dominos kept falling and next knocked over Middlebury College in Vermont and Trinity College in Connecticut, both of which sent out notifications of breaches resulting from their sharing of personally identifiable information (PII) with the TIAA.  This potentially includes student employee data, birth dates and Social Security numbers.  Middlebury has also confirmed it was affected by the National Student Clearinghouse breach.

Since the TIAA serves more than five million active and retired employees at more than 15,000 institutions and manages $1.3 trillion in assets across the globe, the impact could be even more significant than two schools.

NetLib Security’s powerful Encryptionizer solution is there to assist educational institutions protect their valuable student and institutional data.  Often, schools struggle with budgets to address the sophistication of today’s data security landscape, complicating their efforts.  Encryptionizer helps simplify and streamline the process, offering reduced pricing structures for these organizations while requiring no additional programming or administrative overhead.

Clop, the self-proclaimed culprits, says they hit hundreds more firms, as yet unnamed.  Nor is this their first campaign.  Before MOVEit, they had already exploited flaws in other file sharing programs from companies like Fortra and Accellion.  The US State Department has since offered a $10 million bounty for any information leading to the capture of the notorious cyber criminals.

Major headlines like these should reinforce the crucial need for strong data security policies in all organizations.  Staff training, software updates and data encryption are all necessary measures to keep cyber thieves from stealing your lunch money…by which I mean your sensitive data.