National Student Clearinghouse Data Breach: Nearly 900 Schools Impacted

Cl0p ransomware gang gained access to its MOVEit server and stole files containing personally identifiable information.

The National Student Clearinghouse (NSC) revealed a recent data breach impacted 890 schools that use its services.

A breach notification letter filed with the Office of the California Attorney General said the Cl0p ransomware gang gained access to its MOVEit managed file transfer (MFT) server on May 30 and stole files containing personally identifiable information (PII).

Clearinghouse is a nonprofit that provides educational reporting, data exchange, verification, and research services to approximately 22,000 high schools and 3,600 colleges and universities, which make up roughly 97% of students in public and private institutions, according to Bleeping Computer.

“On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution,” NSC wrote ibn the letter. “After learning of the issue, we promptly initiated an investigation with the support of leading cybersecurity experts. We have also coordinated with law enforcement.”

The stolen PII contained names, birth dates, contact information, Social Security numbers, student ID numbers, and other school-related records. NSC said it has implemented patches to the MOVEit software and additional monitoring measures to further protect its systems and customers’ data. It is also offering identity monitoring services at no cost for two years.

In late May, the Cl0p ransomware gang began exploiting an SQL injection vulnerability in the MOVEit Transfer platform, leveraging a zero-day security flaw and gaining access to an underlying database, reports Help Net Security. Starting June 15, the cybercriminals started extorting organizations that fell victim to the attacks, exposing names on its dark web data leak site.

In late June, NSC notified the impacted schools about the breach but did not provide many details as the investigation was ongoing. At that time, reported that NCS’s name had been removed from Cl0p’s leak site, “which is often an indication that a victim paid.”

The breach has affected many organizations across the globe, including governments, financial institutions, pension systems, and other public and private entities. Among the victims are multiple U.S. federal agencies and two U.S. Department of Energy entities.

Coveware, a cyber extortion incident response firm, estimates the gang will collect around $75-100 million in payment due to high ransom requests.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ