RedAlert! 900 Schools Hit, Student Data Exposed!

Last week, research from cybersecurity firm Sophos and VPN service provider AtlastVPN, revealed that education was the top-most targeted sector in ransomware attacks. During 2022, 80% of lower education and 79% of higher education institutions became targets of ransomware attacks. The recovery cost from these attacks touched $ 1.59 million in 2022-2023 for lower education institutes and close to $ 1 million for higher education institutions in 2023.

The latest revelation from the National Student Clearinghouse has reaffirmed these findings by revealing that around 900 schools were impacted by the MOVEit attack. MOVEit is a managed file transfer software created by Progress Software Corp and widely used by financial institutions, governments, and thousands of public/private sector entities worldwide for sharing information.

On 31st May 2023, MOVEit became the target of a hack attack where the platform suffered huge data loss after being hit by Cl0p ransomware. The ransomware operators accessed information belonging to organizations and individuals by exploiting a zero-day vulnerability.

As of September 22, 2023, this attack has impacted 2,053 organizations and 57,624,249 individuals, as per the information available on Cl0p operators’ website, SEC filings, and public disclosures, explained cybersecurity firm Emsisoft. Over 90% of the impacted organizations were based in the US, 1.8% in Germany, 3.2% in Canada, and 1.0% in the UK.

The National Student Clearinghouse is among the impacted organizations. The non-profit has confirmed that around 900 colleges/universities have been affected by the MOVEit attack. The list of affected schools is available here (

The organization informed the California attorney general’s office that its MOVEit server was hacked in late May, but it discovered the scale of the breach and stealing of the student record database on June 20 with help from cybersecurity experts and law enforcement agencies. 

“Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023,” the organization explained.

The stolen data included name, contact details, school records, date of birth, student ID number, enrollment records, degree, and course-level data compromised in the attack. It has sent data breach notifications to impacted individuals. The notification has been posted to the California attorney general’s website. 

The National Student Clearinghouse has patched the software and added stricter monitoring mechanisms, apart from offering victims free identity monitoring services for two years.

It is worth noting that the infamous MOVEit hack impacted many high-profile organizations, including Norton’s parent company, Gen Digital, the US Department of Energy, Siemens Energy, Shell, and Schneider Electric. 

The French government agency Pole Emploi, the Colorado Department of Health Care Policy and Financing, and Maximus lost the highest amount of personal data of registered individuals.