National Student Clearinghouse impacted by MOVEit vulnerability breach

National Student Clearinghouse reported that they were among the victims of the MOVEit vulnerability breach.

Although the clearinghouse's statements did not confirm whether they paid a ransom, their name was removed from Clop's leak site, which often indicates payment.

When pushed on the issue of ransom payment, the clearinghouse did not respond.

The clearinghouse has now notified schools about the cybersecurity issue related to the MOVEit Transfer software vulnerability, stating that unauthorized access to files containing personal data may have occurred.

Among the reported victims is St. Petersburg College, Florida

While their notification provides more information, the clearinghouse remains non-transparent regarding the extortion aspect, leaving uncertainty about whether they paid the ransom.

Update - on 25th of September The National Student Clearinghouse reported that nearly 900 colleges and universities across the U.S. had data stolen during attacks by a ransomware gang exploiting the popular MOVEit file-sharing tool. The nonprofit manages educational reporting, data exchange, verification, and research services for 3,600 colleges and universities as well as 22,000 high schools.