University System of Georgia Says 800,000 Students Impacted in MOVEit Hack

The University System of Georgia (USG) announced that the confidential information of approximately 800,000 students, faculty, and staff was exposed in the recent MOVEit data breach.

The breach occurred due to a vulnerability in the MOVEit Secure File Transfer software used by USG and hundreds of other organizations to store and transfer sensitive data.

In a statement released on September 3, 2023, USG confirmed that an unauthorized party accessed highly sensitive information, including names, Social Security numbers, addresses, email addresses, phone numbers, salary and benefits details, and other personally identifiable information.

The breach potentially impacts anyone who was paid benefits between March 1 and May 26, 2023, and their beneficiaries.

The software vendor Progress first disclosed the MOVEit vulnerability in late May 2023. It allowed attackers to inject SQL commands and access databases on MOVEit servers.

The Russian-affiliated ransomware gang Cl0p is suspected to be behind the attacks, which have affected over 2,500 organizations globally, with more than 80% based in the U.S.

Upon detecting the breach on May 31, USG immediately blocked the compromised MOVEit software and applied security patches.

However, the investigation to determine the full scope of the breach took several months. USG is now notifying affected individuals and offering them free credit monitoring and identity protection services through Experian.

“We understand that this news may be concerning, and we want to assure you that we are taking this matter very seriously,” said USG Chief Information Security Officer Alfred S. Barker in the breach notification letter. “It is of the utmost importance to us to provide educational services in a safe and secure manner, and we are taking additional steps to protect your data.”

With 26 public colleges and universities serving over 333,000 students, USG is one of the largest university systems in the U.S. Other education-related victims of the MOVEit breach include the Georgia Teachers Retirement System, with 261,697 retirees and beneficiaries potentially impacted, and the National Student Clearinghouse.

Cybersecurity experts say the Cl0p gang cannot be trusted to keep its word to delete stolen data. Victims are advised to place a credit freeze, enable two-factor authentication on accounts, and monitor credit reports for any signs of fraud or identity theft.

Progress has released security fixes for the MOVEit vulnerability, but many organizations have yet to patch their systems.

The MOVEit breach highlights the risks of increasingly interconnected digital systems and the attractiveness of file transfer services as a target for cybercriminals seeking to steal sensitive data for financial gain.

Educational institutions, which often lack the cybersecurity resources of large corporations, have been especially hard hit. With the full impact of the breach still unfolding, the MOVEit hack is shaping up to be one of the most damaging cyberattacks of 2023.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.