学生数据管理平台全国学生信息交换所证实MOVEit黑客攻击影响了900所美国学校

  • Educational institutions are assumed to be the most vulnerable sector today, considering that 70 to 80% of lower-to-higher education providers reported experiencing ransomware attacks in 2022.
    考虑到 70% 至 80% 的低级到高等教育提供者报告在 2022 年遭受过勒索软件攻击,教育机构被认为是当今最脆弱的部门。
  • National Student Clearinghouse has reaffirmed these suspicions, revealing that nearly 900 US schools were impacted by the MOVEit hack.
    全国学生信息交流中心重申了这些怀疑,透露近900所美国学校受到MOVEit黑客攻击的影响。
  • According to the research, reporting, and verification services provider, sensitive student records were stolen in the MOVEit data breach.
    根据研究,报告和验证服务提供商的说法,敏感的学生记录在MOVEit数据泄露中被盗。
  • The organization identified the scope of this breach on June 20 following an investigation.
    该组织在调查后于 6 月 20 日确定了此违规行为的范围。
  • The National Student Clearinghouse boasts a network of 3600 colleges/universities and 22,000 high schools.
    全国学生信息交流中心拥有3600所学院/大学和22,000所高中的网络。

Last week, Hackread covered research from cybersecurity firm Sophos and VPN service provider AtlastVPN, revealing that education was the top-most targeted sector in ransomware attacks. During 2022, 80% of lower education and 79% of higher education institutions became targets of ransomware attacks. The recovery cost from these attacks touched $ 1.59 million in 2022-2023 for lower education institutes and close to $ 1 million for higher education institutions in 2023.
上周,Hackread报道了网络安全公司Sophos和VPN服务提供商AtlastVPN的研究,揭示了教育是勒索软件攻击中最受攻击的领域。2022 年期间,80% 的低年级教育和 79% 的高等教育机构成为勒索软件攻击的目标。2022-2023 年,这些攻击的恢复成本在 2022-2023 年为低级教育机构达到 159 万美元,在 2023 年为高等教育机构接近 100 万美元。

The latest revelation from the National Student Clearinghouse has reaffirmed these findings by revealing that around 900 schools were impacted by the MOVEit attack. MOVEit is a managed file transfer software created by Progress Software Corp and widely used by financial institutions, governments, and thousands of public/private sector entities worldwide for sharing information.
全国学生信息交流中心的最新披露重申了这些发现,揭示了大约900所学校受到MOVEit攻击的影响。MOVEit是由Progress Software Corp创建的托管文件传输软件,被金融机构,政府和全球数千个公共/私营部门实体广泛用于共享信息。

On 31st May 2023, MOVEit became the target of a hack attack where the platform suffered huge data loss after being hit by Cl0p ransomware. The ransomware operators accessed information belonging to organizations and individuals by exploiting a zero-day vulnerability.
2023 年 5 月 31 日,MOVEit 成为黑客攻击的目标,该平台在受到 Cl0p 勒索软件攻击后遭受了巨大的数据丢失。勒索软件运营商通过利用零日漏洞访问属于组织和个人的信息。

As of September 22, 2023, this attack has impacted 2,053 organizations and 57,624,249 individuals, as per the information available on Cl0p operators’ website, SEC filings, and public disclosures, explained cybersecurity firm Emsisoft. Over 90% of the impacted organizations were based in the US, 1.8% in Germany, 3.2% in Canada, and 1.0% in the UK.
网络安全公司Emsisoft解释说,根据Cl0p运营商网站、SEC文件和公开披露上提供的信息,截至2023年9月22日,这次攻击已经影响了2,053个组织和57,624,249名个人。超过90%的受影响组织位于美国,1.8%位于德国,3.2%位于加拿大,1.0%位于英国。

The National Student Clearinghouse is among the impacted organizations. The non-profit has confirmed (PDF) that around 900 colleges/universities have been affected by the MOVEit attack. The list of affected schools is available here (PDF).
全国学生信息交流中心是受影响的组织之一。该非营利组织已证实(PDF)约有900所学院/大学受到MOVEit攻击的影响。受影响的学校名单可在此处获得(PDF)。

The organization informed the California attorney general’s office that its MOVEit server was hacked in late May, but it discovered the scale of the breach and stealing of the student record database on June 20 with help from cybersecurity experts and law enforcement agencies. 
该组织通知加州总检察长办公室,其 MOVEit 服务器在 5 月下旬遭到黑客攻击,但在网络安全专家和执法机构的帮助下,它于 6 月 20 日发现了学生记录数据库遭到破坏和窃取的规模。

“Through our investigation, on June 20, 2023, we learned that an unauthorized party obtained certain files from the MOVEit tool. The issue occurred on or around May 30, 2023,” the organization explained.
“通过我们的调查,2023 年 6 月 20 日,我们了解到未经授权的一方从 MOVEit 工具中获取了某些文件。该问题发生在 2023 年 5 月 30 日或前后,“ 该组织解释说。

The stolen data included name, contact details, school records, date of birth, student ID number, enrollment records, degree, and course-level data compromised in the attack. It has sent data breach notifications to impacted individuals. The notification has been posted to the California attorney general’s website. 
被盗数据包括姓名、联系方式、学校记录、出生日期、学生证号、注册记录、学位和在攻击中泄露的课程级别数据。它已向受影响的个人发送数据泄露通知。该通知已发布在加州总检察长的网站上。

The National Student Clearinghouse has patched the software and added stricter monitoring mechanisms, apart from offering victims free identity monitoring services for two years.
全国学生信息交换所已经修补了该软件,并增加了更严格的监控机制,除了为受害者提供免费的身份监控服务两年。

It is worth noting that the infamous MOVEit hack impacted many high-profile organizations, including Norton’s parent company, Gen Digital, the US Department of Energy, Siemens Energy, Shell, and Schneider Electric. 
值得注意的是,臭名昭著的MOVEit黑客攻击影响了许多知名组织,包括诺顿的母公司Gen Digital,美国能源部,西门子能源,壳牌和施耐德电气。

The French government agency Pole Emploi, the Colorado Department of Health Care Policy and Financing, and Maximus lost the highest amount of personal data of registered individuals.
法国政府机构Pole Emploi,科罗拉多州医疗保健政策和融资部以及Maximus丢失了注册个人的最高个人数据量。

原文连接:900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data — 900所美国学校受到MOVEit黑客攻击,暴露了学生数据 (hackread.com)

发表评论

您的邮箱地址不会被公开。 必填项已用 * 标注

滚动至顶部