Skip to main content
close search
site logo
Dive Brief

MOVEit breach hit nearly 900 colleges, says National Student Clearinghouse

In filings with the California attorney general’s office, the nonprofit shared institutions that had been swept up in the attack.

Published Sept. 27, 2023
Natalie Schwartz's headshot
Senior Editor
The campus of Cornell University
The campus of Cornell University. The Ivy League school is one of many colleges swept up in the MOVEit data breach, according to a notice from the National Student Clearinghouse. peterspiro via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief: 

  • The National Student Clearinghouse said nearly 900 colleges suffered a data breach during the mass hack of the file-sharing tool MOVEit, according to filings last week with the California attorney general’s office. 
  • Progress Software, the company behind the MOVEit tool, informed National Student Clearinghouse in late May about the data breach. During the attack, cybercriminals obtained files containing personal information such as names, birth dates, Social Security numbers, student identification numbers and school records. 
  • The list of affected colleges is wide ranging. It spans from Ivy League institutions like Cornell University to large public colleges, including several in the California State University system. 

Dive Insight: 

Hundreds of organizations have been swept up in the massive MOVEit attack, which was carried out by a Russian ransomware gang called Clop. The National Student Clearinghouse’s notice gives a deeper look at the mass hack’s impact on higher education. 

The organization’s list of impacted institutions includes colleges across the U.S. For instance, colleges in both of New York’s public higher education systems were affected, including SUNY Cortland and the City University of New York’s Hunter College. Large public flagships, like the University of Missouri, were also affected by the breach. 

Although colleges make up the vast majority of institutions in the National Student Clearinghouse’s notice, the list also includes high schools and some education organizations. 

The hack impacted more than 51,000 people, according to a separate notice that the National Student Clearinghouse filed with Maine regulators last month. 

The clearinghouse, which provides educational data reporting and research services, isn’t the only major higher education organization hit in the MOVEit attack. 

TIAA, a retirement giant for educators and academics, also confirmed earlier this year that one of its third-party vendors had been exposed in the MOVEit breach. Multiple colleges, including Middlebury College in Vermont and Webster University in St. Louis, have since notified their campuses they were hit by both the TIAA and National Student Clearinghouse breaches.

“The organizations between them likely deal with a significant percentage of schools in the U.S., which means it’s quite possible that this incident will have affected the majority of the schools in the U.S.,” Brett Callow, a threat analyst at cybersecurity company Emsisoft, told Higher Ed Dive in July.

Filed Under: Policy & Legal

Editors' picks

Company Announcements

View all | Post a press release
EducationDynamics Brings InsightsEDU 2025 to New Orleans with a Focus on the Modern Learner
From EducationDynamics
October 31, 2024
Podium Education Announces New Executives
From Podium Education
October 17, 2024
Higher Education Facing a Shift, not a Cliff: 2025 Landscape of Higher Education Report Shows
From EducationDynamics
October 21, 2024
Kennedy & Company Acquires FGI Consultants, Establishing Powerhouse in Higher Education CRM Se…
From Kennedy and Company Education Strategies
October 30, 2024
Editors' picks
Latest in Policy & Legal
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell