In late May 2023, the National Student Clearinghouse (NSC) experienced a data breach affecting nearly 900 colleges in the United States. The breach occurred during a hack of the file-sharing tool MOVEit, compromising student data. Upon discovering the vulnerability, NSC launched an investigation, secured relevant systems, and implemented additional security measures. The compromised information included personal details such as names, birth dates, Social Security numbers, student identification numbers, and school records.

How many accounts were compromised?

The breach impacted data related to over 57 million individuals.

What data was leaked?

The data exposed in the breach included names, birth dates, Social Security numbers, student identification numbers, and school records such as degree and enrollment information and course-level data.

How was National Student Clearinghouse hacked?

The hackers exploited a zero-day vulnerability in the MOVEit managed file transfer software, allowing them to access sensitive information. Ransomware was also used in the attack, but details on malware removal and specific methods employed by the hackers remain unclear.

National Student Clearinghouse's solution

In response to the hack, the National Student Clearinghouse took several measures to secure its platform and prevent future incidents. This included closing access, implementing patches, and reporting the issue to law enforcement. They also launched an investigation, secured relevant systems, and conducted a third-party forensic review to identify affected institutions and their specific students. As an additional security measure, some colleges, such as Bennett College, updated credentials for users impacted by the MOVEit data breach.

How do I know if I was affected?

The National Student Clearinghouse has not explicitly mentioned reaching out to affected users. However, if you are concerned about your data being compromised in this breach or others, you can visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

• Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

• Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity. If you notice anything unusual, report it to the appropriate platform or financial institution immediately.

For more specific help and instructions related to the National Student Clearinghouse's data breach, please contact National Student Clearinghouse's support directly.

Where can I go to learn more?

If you want to find more information on the National Student Clearinghouse data breach, check out the following news articles:

• National Student Clearinghouse MOVEit Exploit and Data Breach – Bennett College

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - SecurityWeek

• MOVEit breach hit nearly 900 colleges, says National Student Clearinghouse | Higher Ed Dive