Another victim from the MOVEit zero-day vulnerability exploitation confirmed being impacted by the data breach.
Although Madison College cyber attack was announced on the college’s website on July 5, it was not directly breached by the Cl0p ransomware group.
Madison college cyber attack and the NSL
One of Madison College’s partners, The National Student Clearinghouse, was hacked via the MOVEit file transfer tool.
The National Clearinghouse is a nonprofit that offers services to North American colleges and universities to over 3,600 colleges which amount to nearly 97 of postsecondary enrollments.
They offer degree verification and enrolment verification among other research services.
What Madison college said in its news update
Addressing the data compromised by the MOVEit transfer cyber attack, the Madison college news update read, “While Madison College’s systems are not affected by this event, the NSC has alerted us that they believe the breach may have included data provided to them from Madison College via MOVEit.”
MOVEit MFT, which is a Managed File Transfer software used by organizations across the globe was breached by the Cl0p ransomware group according to the announcements made by the victim company in May this year.
The news update addressed the Madison college cyber attack due to NSC being impacted that handles its data.
The college was not aware of the files submitted by Madison college to NSC that were stolen by the hackers. The college assured that it will work with the students to make all the resources they need in case their data will have been found to be exposed.
Madison college cyber attack and NSL cyber attack update
National Student Clearinghouse published a notice for readers alerting them about the NSL cyber attack and how it might impact the colleges and universities it served. The notice clarified that the services are operational.
“The unauthorized party obtained certain files within the Clearinghouse’s MOVEit environment, which may have included information from the student record database on current or former students,” the NSL cyber attack notice added.
However, they had no evidence to confirm if the enrolment and degree files that are submitted to the Clearinghouse for verification were compromised when the notice was published.
It is uncertain if the hackers moved to other environments to access data related to student records and files exchanged between the Clearinghouse and NSLDS.
The MOVEit Transfer system of NSL was compromised. The organization stated that it rebuilt the Clearinghouse’s entire MOVEit environment launched last week to enter its customers’ database safely.
Systems were also patched with the three security patches issued by Progress Software, the developers of MOVEit.
Madison college cyber attack and other MOVEit exploitation targets
Brett Callow, a Threat Analyst at Emsisoft tweeted ,the number of victims of the MOVEit cyber attack. According to him, Madison College became the 200th organization to confirm being targeted.
The list so far includes 18 US schools with over 17,561,373 individuals impacted by the security breach. More than 30 voluntary company disclosures have been made so far, Brett noted.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
