The University of Missouri hosts around 30,000 students with 17,000 staff members and spans four campuses. Mizzou is the most recent breach announcement involving the MOVEit transfer application’s zero-day vulnerability; the MOVEit breach has impacted thousands of consumers worldwide.
The MOVEit zero-day vulnerability has been a glaring target for bad actors for months. In August, Mizzou announced a data leak from a provider and public clearing house. This recent breach was not through a provider but through Progress Software, which oversees MOVEit transfer files.
Progress Software notified Mizzou of the possibility of a breach on May 31st, 2023. Mizzou immediately conducted a manual review of their information and concluded that suspicious activity may have happened on or around September 7th. On October 20th, Mizzou sent breach notifications to impacted parties. The institution then notified the Maine Attorney General of the events.
Mizzou’s breach notification does not state who may feel the impact of the cyber event. Instead, it says the addressed individual had “personal information in the affected data set.” Simultaneously, the Maine filing states the breach may have impacted 118,000+ people; given their lower student population, it’s likely that many associated parties had leaked information in the attack.
The number of infected files is not public; despite this, Mizzou’s notice suggests that impacted parties immediately consult with identity and financial monitoring services. We suggest all associates, alums, students, staff, contractors, donors, and associates watch their personal information scrupulously for suspicious activity.