Widespread MOVEit hack compromises NYC student data

Gothamist reports that nearly 45,000 New York City students were disclosed by the city's Department of Education to have their personal information compromised following the widespread Clop ransomware attacks involving the exploitation of vulnerabilities in the MOVEit Transfer file transfer app. Attackers were able to exfiltrate students' birthdates, Social Security numbers, and evaluations, as well as data from some of the department's employees although officials have not specified the number of impacted staff. There has also been no evidence suggesting any compromise of the New York City Department of Education systems, according to department spokesperson Nathaniel Styer. Such a confirmation comes after various federal agencies and numerous companies have disclosed MOVEit-related compromise, an attack that Parent Coalition for Student Privacy co-Chair Leonie Haimson notes should prompt the city's Education Department to exhibit increased urgency in dealing with cybersecurity incidents and ensure vendors' adherence to encryption protocols under the state data privacy law.