Cyberattack at NSC Affects 890 Schools

A major nonprofit has disclosed a major data breach that has affected 890 schools across the United States. The National Student Clearinghouse (NSC) has announced that they have been the victim of a data breach that has put its clients’ data at risk. Let’s take a look at what this means.

It’s an Official Breach

This information comes from the Office of the California Attorney General. NSC administrators have claimed that attackers successfully gained access to the MOVEit managed file transfer server on May 30, 2023, and were able to make off with files containing a vast array of personal information that includes names, dates of birth, contact information, Social Security numbers, student ID numbers, and some other school-related records.

U.S. educational nonprofit National Student Clearinghouse (NSC) has disclosed a data breach affecting 890 schools using its services across the United States. If you would like to learn more about the breach, you can access the official report from the organization here. 

The organization provides educational reporting, data exchange, verification, and other services to over 22,000 secondary schools and around 3,600 colleges nationwide. Overall, it has been estimated that over 50,000 individuals have had some form of personally identifiable information (PII) leaked in the attack. 

Ransomware Group Behind the Attacks

By using a zero-day security flaw in NSC’s MOVEit managed file transfer system, the Clop ransomware gang has claimed responsibility for the NSC data theft. After gaining access to the server on May 27, it started extorting organizations that fell victim to the attacks, threatening to leak information on the dark web if ransom was not paid. As of this writing, only a limited number of affected organizations have given in to Clop’s ransom demands, but those responsible are expected to collect tens of millions of dollars from the breach. 

Do What You Can to Protect Your Sensitive Data

You might not work with thousands of other organizations, but you do hold some sensitive information that could hinder your business if it were to be stolen. Furthermore, no organization wants to be the victim of a ransomware extortion scheme. If you are concerned that you are apt to be exposed to cybercriminals, there are a lot of things you can do. We can help! Give our IT security experts a call today at (954) 739-4700 to learn how.