The MOVEit file transfer hack is still racking up victims, as a non-profit educational organisation discloses the scale of data exposed by the vulnerability.
According to a report made to the Office of the Maine Attorney General, the National Student Clearinghouse – which provides administrative services to a raft of colleges and universities in the United States – first noted that its data may have been affected in late June 2023, and that the initial compromise occurred almost a month earlier in May.
Finally, at the end of August, the National Student Clearinghouse began notifying affected customers and organisations of the incident.
The report to the Maine attorney general notes that over 51,000 individuals were affected, but a second filing with the attorney general of California lists nearly 900 affected colleges and universities.
At the moment, the National Student Clearinghouse is still investigating the scope of the data affected. So far, the non-profit believes that no enrolment details were a part of the breached data but has told the Maine attorney general that Social Security Number may be.
However, the National Student Clearinghouse’s own letter, sent to affected students, says enrolment details may be impacted.
“The relevant files obtained by the unauthorised third party included personal information such as name, date of birth, contact information, Social Security number, student ID number, and certain school-related records (for example, enrolment records, degree records, and course-level data),” the letter reads.
“The data that was affected by this issue varies by individual.”