One sentence summary – The National Student Clearinghouse (NSC) in the United States has experienced a significant data breach, affecting 890 schools across the country, with unauthorized access gained to their file transfer server resulting in the theft of personal information including names, dates of birth, contact information, Social Security numbers, student ID numbers, and school-related records, and the Clop ransomware gang is responsible for the attacks, which began on May 27 and have since involved extortion and the exposure of affected organizations’ names on a dark web data leak site, with the repercussions of this breach expected to be felt globally and law enforcement agencies actively investigating the incident.
At a glance
- The National Student Clearinghouse (NSC) has suffered a significant data breach.
- 890 schools across the country have been affected by this breach.
- The breach occurred on May 30 and unauthorized access was gained to NSC’s MOVEit managed file transfer (MFT) server.
- A large amount of personal information, including names, dates of birth, contact information, Social Security numbers, student ID numbers, and school-related records, was stolen.
- The Clop ransomware gang is responsible for these data theft attacks, which have impacted multiple organizations and federal agencies.
The details
The National Student Clearinghouse (NSC), a leading educational nonprofit in the United States, has suffered a significant data breach.
This breach has affected 890 schools across the country.
The incident took place on May 30.
Unauthorized access was gained to NSC’s MOVEit managed file transfer (MFT) server.
This resulted in the theft of a large amount of personal information.
The stolen data includes names, dates of birth, contact information, Social Security numbers, student ID numbers, and school-related records.
The extent of exposed data varies for each affected individual.
This was indicated in the data breach notification letters.
The Clop ransomware gang is responsible for these data theft attacks.
This gang is known for its relentless cybercriminal activities.
The attacks began on May 27.
They exploited a zero-day security flaw in the MOVEit Transfer platform.
This allowed the perpetrators to gain unauthorized access.
Since June 15, the cybercriminals have started extorting organizations affected by the attacks.
They have publicly exposed the names of these organizations on a dark web data leak site.
The repercussions of this breach are expected to be felt globally.
Multiple organizations have already started notifying affected customers.
Only a limited number of organizations are likely to comply with the ransom demands.
Despite this, the Clop gang could still amass an estimated $75-100 million in payments.
The NSC provides educational reporting, data exchange, verification, and research services to approximately 22,000 high schools and 3,600 colleges and universities nationwide.
The fallout from this breach is anticipated to be significant due to the breadth of NSC’s services and the vast number of educational institutions affected.
Multiple U.S. federal agencies, along with two U.S. Department of Energy entities, have also fallen victim to these data theft and extortion attacks.
This highlights the severity and widespread impact of these cybercrimes.
Cybersecurity experts and law enforcement agencies are actively investigating the incident.
They are working to mitigate further risks.
All organizations are urged to prioritize their cybersecurity measures and remain vigilant to protect against such threats in the future.
This incident underscores the urgent need for robust security protocols and proactive measures to safeguard sensitive data.
The information provided is based on available facts and reports.
Further updates may emerge as the investigation progresses.
Article X-ray
Here are all the sources used to create this article:
an image that best visualises the following news headline: National Student Clearinghouse Suffers Significant Data Breach
This section links each of the article’s facts back to its original source.
If you have any suspicions that false information is present in the article, you can use this section to investigate where it came from.
| bleepingcomputer.com |
|---|
| – National Student Clearinghouse (NSC), a U.S. educational nonprofit, has experienced a data breach affecting 890 schools across the country. – Attackers gained access to NSC’s MOVEit managed file transfer (MFT) server on May 30 and stole files containing personal information. – |
| The stolen documents include personally identifiable information (PII) such as names, dates of birth, contact information, Social Security numbers, student ID numbers, and school-related records. – |
| The data breach notification letters indicate that the exposed data varies for each affected individual. – NSC provides educational reporting, data exchange, verification, and research services to approximately 22,000 high schools and 3,600 colleges and universities. – |
| The Clop ransomware gang is responsible for the data theft attacks, which began on May 27 and exploited a zero-day security flaw in the MOVEit Transfer platform. |
| – |
| The cybercriminals started extorting organizations affected by the attacks on June 15 and exposed their names on a dark web data leak site. – |
| The fallout from these attacks is expected to impact numerous organizations globally, with some already notifying affected customers. |
| – Estimates suggest that only a limited number of organizations are likely to pay the ransom demands, but the cybercrime gang could still collect an estimated $75-100 million in payments. |
| – Multiple U.S. federal agencies and two U.S. Department of Energy entities have also fallen victim to these data theft and extortion attacks. |
English 
Portuguese 
Turkish 
Chinese 
German