DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NYC schools disclose student and staff information affected by MOVEit breach; National Student Clearinghouse silent on question of extortion payment

Posted on June 24, 2023 by Dissent

Jessica Gould reports:

The New York City Department of Education estimates that the personal data of some 45,000 students was compromised as part of a breach involving the file transfer software MOVEit.

Officials said the compromised data includes social security numbers, birth dates and certain student evaluations, though the specific types of data breached varies per student. Employees’ information was also affected, officials said, but they did not identify how many staff members were involved. No education department data has been published as a result of the breach so far, officials said, and the department will begin notifying those affected this summer.

Read more at Gothamist.

As Gould noted, multiple federal agencies and many companies were also affected by the breach orchestrated by Clop threat actors. One of the victims was the National Student Clearinghouse (NSC), a nonprofit and nongovernmental organization that provides educational reporting, data exchange, verification, and research services.

NSC has provided updates to its customers about updating and securing data involved in the MOVEit breach. What it hasn’t done, however, is come clean with its customers about what data Clop acquired and whether NSC has paid Clop’s extortion demand or is negotiating to pay any demand.

What DataBreaches can report is that NSC was listed on Clop’s leak site and then its name was removed on June 20. Why was it removed?  Did Clop decide to be kind to them, or did NSC pay them or talk to them about payment?

After being contacted by a concerned individual who shared NSC’s emailed updates with DataBreaches, DataBreaches sent an email inquiry to NSC’s media office yesterday office yesterday morning asking them to provide simple “yes” or “no” answers to two questions:

1. Has the clearinghouse or any affiliated entity paid extortion to Clop for them to remove data from their leak site?

2. If there has been no payment, then is the clearinghouse or any representative negotiating or trying to negotiate with Clop to remove the data from their leak site?

There has been no reply as of publication. This post will be updated if a reply is received.

Category: MiscellaneousU.S.

Post navigation

← Four senior residences in Pennsylvania disclose a data security breach in April
MOVEit breach also impacted major pension systems and insurers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.