The National Student Clearinghouse Gets Hacked, Compromising Thousands of Students
Table of Contents
- By Steven
- Published: Jul 26, 2023
- Last Updated: Jul 27, 2023
The National Student Clearinghouse is a verification tool used by educational establishments around the country to verify students are who they say they are. More than 3,600 colleges rely on the services of the organization founded in 1993. A huge number of students rely on the organization to process their information, and some of that data was taken in a recent breach.
How Did the Attack Occur?
At the end of May 2023, hackers began taking advantage of a zero-day vulnerability found in the MOVEit file transfer solution. This vulnerability enabled the attackers to get into file databases and claim data. Students from many different schools lost their information to the attackers. These data losses have put the students into a vulnerable position, making it possible for them to be hacked and exposed to identity theft and phishing attacks.
What Information Was Viewed or Stolen?
A mix of personal data was viewed from the National Student Clearinghouse. Information for thousands of students was released to the hackers, enabling them to steal data points such as Social Security numbers, full names, addresses, and much more. We don't know what information was taken from each of the students specifically, but it's the type of data students submit when verifying their information. The personal data that could have been stolen could easily be used for identity theft purposes.
How Did the National Student Clearinghouse Admit to the Breach?
The National Student Clearinghouse quickly began coordinating with law enforcement when it learned about the data breaches. The organization also began sending formal notifications to any of the schools confirmed to be compromised by this breach. Schools were left to notify their students about the breach and possible information losses. Some schools released public announcements about the breaches, while others sent individual notices to students. Some of the many schools affected by this breach include SUNY Fredonia, UB University at Buffalo, Bates Technical College, Olympic College, St. Petersburg, and Lake Sumter Community College, to name a few. Many additional schools were impacted by this breach as well. If you were enrolled in college in May, you should watch for an indication that your university was impacted by these breaches as well.
What Will Become of the Stolen Information?
The attacks connected to the MOVEit file transfer tool were launched in an effort to gather ransoms from the companies compromised. If the schools or the National Student Clearinghouse aren't willing to pay the ransom demands, the information will be spread across the internet. The student data involved may be given away for free, or it could be sold to hackers that want to exploit it. Either way, the information will be spread around, and any students with data involved will be put at risk by the data breach.
What Should Affected Parties Do in the Aftermath of the Breach?
If you're a student or faculty member who learns your information is involved in this breach, you should take steps to secure your information. Consider credit monitoring solutions to watch for strange changes on your credit report. Making slight changes is all that's necessary to safeguard your information. Be careful to avoid giving away personal data via email or through text messages, and you'll protect yourself against most phishing attacks.
