DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NYC schools disclose student and staff information affected by MOVEit breach; National Student Clearinghouse silent on question of extortion payment

Posted on June 24, 2023 by Dissent

Jessica Gould reports:

The New York City Department of Education estimates that the personal data of some 45,000 students was compromised as part of a breach involving the file transfer software MOVEit.

Officials said the compromised data includes social security numbers, birth dates and certain student evaluations, though the specific types of data breached varies per student. Employees’ information was also affected, officials said, but they did not identify how many staff members were involved. No education department data has been published as a result of the breach so far, officials said, and the department will begin notifying those affected this summer.

Read more at Gothamist.

As Gould noted, multiple federal agencies and many companies were also affected by the breach orchestrated by Clop threat actors. One of the victims was the National Student Clearinghouse (NSC), a nonprofit and nongovernmental organization that provides educational reporting, data exchange, verification, and research services.

NSC has provided updates to its customers about updating and securing data involved in the MOVEit breach. What it hasn’t done, however, is come clean with its customers about what data Clop acquired and whether NSC has paid Clop’s extortion demand or is negotiating to pay any demand.

What DataBreaches can report is that NSC was listed on Clop’s leak site and then its name was removed on June 20. Why was it removed?  Did Clop decide to be kind to them, or did NSC pay them or talk to them about payment?

After being contacted by a concerned individual who shared NSC’s emailed updates with DataBreaches, DataBreaches sent an email inquiry to NSC’s media office yesterday office yesterday morning asking them to provide simple “yes” or “no” answers to two questions:

1. Has the clearinghouse or any affiliated entity paid extortion to Clop for them to remove data from their leak site?

2. If there has been no payment, then is the clearinghouse or any representative negotiating or trying to negotiate with Clop to remove the data from their leak site?

There has been no reply as of publication. This post will be updated if a reply is received.

Related posts:

  • National Student Clearinghouse notifies schools of MOVEit breach
  • The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
  • The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far. (3)
  • Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them (UPDATE2)
Category: MiscellaneousU.S.

Post navigation

← Four senior residences in Pennsylvania disclose a data security breach in April
MOVEit breach also impacted major pension systems and insurers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.