Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
According to the New York City Department of Education (NYC DOE), threat actors broke into the NYC DOE’s MOVEit Transfer server and stole documents containing the personal information of up to 45,000 students.
The NYC DOE used managed file transfer (MFT) software to securely transfer data and documents internally and externally to a variety of vendors, including special education service providers.
After the developer disclosed the exploited vulnerability (CVE-2023-34362), NYC DOE patched the servers, but attackers were already using the bug as a zero-day before security updates were available.
After the breach was discovered, the affected server was taken offline, and the NYC DOE is working with the NYC Cyber Command to address the incident.
We also conducted an internal investigation, which revealed that certain DOE files were affected. A review of the impacted files is ongoing, but preliminary results indicate that approximately 45,000 students, in addition to DOE staff and related service providers, were affected.
Roughly 19,000 documents were accessed without authorization. The types of data impacted include Social Security Numbers and employee ID numbers (not necessarily for all impacted individuals; for example, approximately 9,000 Social Security Numbers were included).
The FBI is investigating the broader breach that has impacted hundreds of entities; we are currently cooperating with both the NYPD and FBI as they investigate.
More and More Companies Affected by the MOVEit Transfer Attacks
In a statement provided to Bleeping Computer, the Clop ransomware gang claimed responsibility for the June 5 CVE-2023-34362 MOVEit Transfer attacks, claiming to have compromised the MOVEit servers of “hundreds of companies.”
On June 15, the Clop ransomware gang began extorting organizations affected by MOVEit data theft attacks by publicly listing their names on Clop’s dark web data leak site.
Shell, the University of Georgia (UGA) and University System of Georgia (USG), Heidelberger Druck, UnitedHealthcare Student Resources (UHSR), and Landal Greenparks are just a few of the companies that have confirmed to BleepingComputer that they were affected.
Other victims who have already disclosed breaches related to the MOVEit Transfer attacks include the US states of Missouri and Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland’s HSE), Ofcam, the government of Nova Scotia, the American Board of Internal Medicine, and Extreme Networks.
According to CNN, the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that several US federal agencies have also been compromised. According to Federal News Network, the attacks also impacted two US Department of Energy (DOE) entities.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
