15 July 2024
MOVEit attack: University System of Georgia breached affects 800k students

The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.

University System of Georgia, which manages the state’s higher education institutions, disclosed that 800,000 individuals across the state had their information compromised in late May as a result of the widespread MOVEit file transfer system hack conducted by the Cl0p ransomware operation.

USG is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students.

In May 2023, Russian ransomware gang Clop discovered and leveraged a zero-day flaw in the software, allowing it to access the software’s systems and access data belonging to companies and government agencies using the software.

The breach potentially impacts anyone who was paid benefits between March 1 and May 26, 2023, and their beneficiaries.

The notices of data breach were sent between April 15 and April 17, 2024, informing recipients that the cybercriminals accessed the following information:

  • Full or partial (last four digits) of Social Security Number
  • Date of Birth
  • Bank account number(s)
  • Federal income tax documents with Tax ID number

The Russian-affiliated ransomware gang Cl0p is suspected to be behind the attacks, which have affected over 2,500 organizations globally, with more than 80% based in the U.S.

“MOVEit Transfer software operating at USG was immediately blocked upon detection of the breach on May 31, 2023, and has now been fully updated and secured in accordance with guidance from Progress Software and CISA.

The organization submitted a sample of the data breach notice to the Office of the Maine Attorney General yesterday, stating that the data breach impacts 800k students.

With the full impact of the breach still not known, the MOVEit cyberattack is to be the one of the most destructive cyberattacks of 2023.

Some of the stolen data was published on Clop’s extortion portal on the dark web, others were sold to cybercrime groups, and some remain to be monetized in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *