Pierluigi Paganini
September 24, 2023
The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations
The organization has disclosed a data breach that impacted approximately 900 US schools using its services. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).-
The attack is the result of the massive MOVEit hacking campaign that targeted organizations worldwide at the end of May.
“On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution. MOVEit Transfer is a file transfer tool used by many organizations, including the Clearinghouse, to support the transfer of data files.” reads the data breach notification letter shared with the Office of the California Attorney General. “After learning of the issue, we promptly initiated an investigation with the support of leading cybersecurity experts. We have also coordinated with law enforcement. Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023.”
The attack took place on May 30 and threat actors gained access to relevant files containing personal information such as name, date of birth, contact information, Social Security number, student ID number, and certain school-related records (for example, enrollment records, degree records, and course-level data). According to the data breach notification letter, the data that was affected by this issue varies by individual.
National Student Clearinghouse encourages impacted individuals to remain vigilant by reviewing their account statements and monitoring their free credit reports for suspicious activity.
The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software.
MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
“a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer’s database.” reads the advisory published by the company. “Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.”
The vulnerability affects all MOVEit Transfer versions, it doesn’t affect the cloud version of the product.
In early June, the Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.
At the time, the Clop ransomware gang published an extortion note on its dark web leak site claiming to have information on hundreds of businesses.
“WE HAVE INFORMATION ON HUNDREDS OF COMPANIES SO OUR DISCUSSION WILL WORK VERY SIMPLE.” reads the message published by the gang.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, National Student Clearinghouse)
