Recently, the National Student Clearinghouse (“NSC”) posted a notice on its website describing a data breach involving the MOVEit file transfer application that leaked confidential information belonging to students across the country. In this notice, NSC explains that it recently sent emails to all affected schools and organizations detailing the breach and what data was compromised. While the NSC notice does not provide specific data types, dozens of colleges and universities across the country have reported that the NSC / MOVEit breach resulted in students’ names and Social Security numbers being made accessible to an unauthorized party.
If you received a data breach notification from your school or from National Student Clearinghouse, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the National Student Clearinghouse data breach. For more information, please see our recent piece on the topic here.
What Caused the National Student Clearinghouse Breach?
The National Student Clearinghouse data breach was only recently announced, and more information is expected in the near future. However, NSC’s recent post entitled “MOVEit Security Issue Update” provides some important information on what led up to the breach. According to this source, NSC uses a third-party software tool called MOVEit to securely transfer files, some of which contain confidential student information provided by various colleges and universities across the country.
Earlier this year, Progress Software, the creator of MOVEit, announced a vulnerability within MOVEit, potentially affecting thousands of organizations worldwide. According to Progress Software, an unauthorized party discovered the MOVEit vulnerability, allowing them to access files being transferred using the tool.
After learning about the MOVEit vulnerability, NCS launched an investigation to determine what information may have been compromised. The NSC investigation confirmed that an unauthorized party obtained certain files transferred through NSC’s MOVEit environment. Some of these files were later determined to contain sensitive information that had been provided to NSC by colleges and universities.
After learning that sensitive consumer data was accessible to an unauthorized party, National Student Clearinghouse reviewed the compromised files to determine what information was leaked and which consumers were impacted. It appears that the information that was compromised varies, depending on the individual and institution. However, several universities and colleges have reported that students’ Social Security numbers were among the affected data.
Recently, National Student Clearinghouse sent out data breach letters to those schools that were affected by the recent data security incident. Each school may handle the incident according to its internal procedures; however, it appears that either the school or NSC will provide personalized notice to victims.
More Information About National Student Clearinghouse
Established in 1993, the National Student Clearinghouse is an education verification and research organization based in Herndon, Virginia. NSC oversees 97 percent of students enrolled in public and private institutions of higher education and 70 percent of students enrolled in public and private high schools. National Student Clearinghouse employs more than 300 people and generates approximately $28 million in annual revenue.