In the wake of recent global cybersecurity incidents involving the popular file-sharing application Moveit Transfer, Washington State University (WSU) has become the ninth major educational institution to report being affected by both the MOVEit vulnerability and TIAA security breaches. 

This follows the news of several other university data breach incidents involving two more educational institutions, Augsburg University and Drake University, who have also confirmed that they have been hit by the MOVEit cyberattacks — orchestrated mainly by the CL0P ransomware group starting May 2023.

MOVEit vulnerability victims rise: Cyber attacks on Universities 

It is worth noting that these university data breach incidents have impacted several educational institutions throughout the globe.

Washington State University, Hamilton College, Augsburg University, and Drake University are among the institutions confirming their exposure to the MOVEit vulnerability through their association with the National Student Clearinghouse (NSC) and TIAA. 

However, this list of cyber attacks involving the MOVEit vulnerability is likely to increase in the future. Here is a quick look at all the major university data breach incidents we saw today.

Washington State University data breach

Washington State University (WSU) confirmed to experienced a data breach, but it was not a direct result of using the MOVEit software.

Instead, the university breach occurred through two third-party service providers: the National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA). 

The NSC, which WSU relies on for enrollment verification and student loan reporting, had personally identifiable information and education records of WSU students compromised.

TIAA, a financial organization serving academic, research, and other sectors, shared information with an external vendor, Pension Benefit Information (PBI), affected by the breach. 

However, TIAA’s systems remain secure, and affected individuals will receive letters offering free credit monitoring for two years from PBI.

Hamilton College data breach

Hamilton College has notified its community members about a university data breach incident involving the MOVEit application, affecting service providers National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association (TIAA).

While the college is not responsible for the incident, personally identifiable information may have been compromised. 

As a precaution, people are advised to monitor their financial accounts, check credit reports for unauthorized changes, consider credit freezes, and consider identity theft protection services.

The NSC and TIAA websites provide additional information. Hamilton College’s Information Security team is actively addressing the situation, and inquiries can be directed to their Director of Information Security and Privacy.

Augsburg University data breach

Augsburg University is one of the latest educational institutions that have confirmed a data breach due to a security vulnerability in the MOVEit Transfer software.

TIAA, the plan sponsor for Augsburg’s 403(b) Retirement Plan, confirmed that data from current and former Augsburg employees held by third-party vendor PBI Research Group had been compromised. 

The University data breach includes individuals’ first and last names, addresses, dates of birth, and Social Security Numbers. Fortunately, TIAA’s systems remain unaffected, and no unusual activity has been observed in TIAA accounts.

PBI will notify affected individuals by mail and offer free credit monitoring for two years. No action is required from individuals, but they can seek further information and support from TIAA’s Security Center or by contacting TIAA directly.

Drake University data breach

Drake University has also received notifications from its service providers, National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA), regarding a potential university data breach affecting some community members.

The vulnerability in the MOVEit Transfer tool, used by NSC, is believed to have compromised personally identifiable information. TIAA confirms that no data was obtained from their systems, but participant information may have been exposed through a third-party vendor using the same tool. 

Drake University is working closely with cybersecurity teams and service providers to investigate the extent of the university data breach and will take appropriate action if community members are affected.

Drake University’s systems remain unaffected, and various channels will provide updates. Community members are advised to monitor their accounts, enable multi-factor authentication, stay vigilant against phishing attacks, and consider a credit freeze for protection.

The MOVEit vulnerability mayhem explained 

The recent wave of hacking incidents involving the MOVEit file-transfer tool has caused significant damage to various sectors, impacting renowned establishments such as banks, hotels, and hospitals. Radisson Hotels, 1st Source Bank, Jones Lang LaSalle, and TomTom are among the latest victims.

The notorious Clop ransomware gang, responsible for these mass data breaches targeting Progress Software’s MOVEit customers, has inflicted harm on numerous organizations and continues expanding its list of victims.

The Cyber Express recently reported about the recent addition of Radisson Hotels Americas, an international hospitality group operating over 1,100 locations, which was added to Clop’s dark web leak site, revealing its compromised status this week.

CalPERS, a governmental agency in California responsible for managing pensions and healthcare benefits for over 1.5 million public employees and retirees, acknowledged being affected by the MOVEit cyber attacks.

Marcie Frost, the CEO of CalPERS, condemned the breach and emphasized their immediate actions to safeguard their members’ financial interests and implement long-term security measures.

“This external information breach is inexcusable,” said CalPERS Chief Executive Officer Marcie Frost. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

FIS Holding, a prominent entity in the financial industry, also confirmed falling prey to the MOVEit vulnerability crisis. While the incident had a limited impact on their clients, FIS Holding assured open communication with all affected parties and expressed their commitment to collaborating with Progress Software to mitigate the situation and ensure client protection.

“FIS was one of many organizations impacted by the vulnerability issue experienced by Progress Software and their MOVEit Transfer product. While the incident impacted a limited number of our clients, we are communicating with all clients whose information was potentially involved”, said FIS Holding in a conversation with The Cyber Express.

Norton LifeLock, a well-known player in the cybersecurity realm, also acknowledged the cyber attack. They promptly addressed the known vulnerabilities in their MOVEit system, assuring no compromise of their core IT infrastructure or customer/partner data. 

However, some information about the Gen employees and contingent workers was leaked in the breach. “Unfortunately, some personal information of Gen employees and contingent workers was impacted, which included information like name, company email address, employee ID number, and in some limited cases home address and date of birth,” said a Gen spokesperson for Norton LifeLock.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.