National Student Clearinghouse MOVEit Exploit and Data Breach

Update:

No confidential student information was compromised.

 

The National Student Clearinghouse (NSC), a national non-profit with 3600 partner schools across the country, including Bennett College, identified an exploit that compromised student data within its MOVEit secure file transfer protocol.

NSC provides enrollment and degree verification to the National Student Loan Data System, private employers, external scholarship organizations, and member schools to conduct prior and subsequent enrollment reviews. Upon identifying this vulnerability, the National Student Clearinghouse launched an investigation and took steps to secure relevant systems. Their investigation determined that an unauthorized party obtained files which contained personal information that is maintained on behalf of member organizations.

Upon identifying the vulnerability, the National Student Clearinghouse and other users quickly closed access, implemented patches, reported the issue to law enforcement and implemented additional user security.

Bennett College’s internal student information system was not compromised during this breach. The NSC is conducting a third-party forensic review to identify affected institutions and their specific students. The NSC will inform the Bennett College IT Department of any compromised student data. As an additional security measure, Bennett College will update credentials on any user who was impacted by the MOVEit data breach.

For any questions or concerns, email moveitincident@bennett.edu

 

FREQUENTLY ASKED QUESTIONS
RE: NATIONAL STUDENT CLEARINGHOUSE DATA BREACH

 

Update:

No confidential student information was compromised.

 

What is the National Student Clearinghouse?

The National Student Clearinghouse (NSC) is a national non-profit with 3600 partner schools across the country, including Bennett College. NSC provides enrollment and degree verification to the National Student Loan Data System, private employers, external scholarship organizations, and member schools to conduct prior and subsequent enrollment reviews. NSC is a vital resource for Admissions, Registrar’s Office, and Institutional Planning, Assessment, Effectiveness, and Research to meet state and federal reporting requirements.

What happened?

NSC identified an exploit that compromised student data within its MOVEit secure file transfer protocol.

What did the National Student Clearinghouse do in response to the incident?

• Upon identifying this vulnerability, the NSC launched an investigation and took steps to secure relevant systems. Their investigation determined that an unauthorized party obtained files which contained personal information that is maintained on behalf of member organizations.
• The Clearinghouse promptly took measures to protect customer data and its systems by applying the relevant security patches and diligently following guidance from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
• The NSC informed member institutions on June 23, 2023, that all security updates to MOVEit were live, and the system was “fully operational” and secure.
• The NSC is conducting a third-party forensic review to identify affected institutions and their specific students.
• The NSC will inform the Bennett College IT Department of any compromised student data.

What measures are being taken by NSC to insure that further data breaches will not occur?

As a precautionary measure, NSC rebuilt the Clearinghouse’s entire MOVEit environment, using new installations of the latest operating systems as well as installing a clean copy of the latest version of the MOVEit Transfer application.

What did Bennett College do in response to the incident?

• Upon being informed of the MOVEit Exploit, Bennett College did not provide any further data uploads to the National Student Clearinghouse until security updates and patches were completed.
• Bennett College’s internal student information system was not compromised during this breach.
• Bennett College IT will contact the affected students upon their identification and will update credentials for any user who was impacted by the MOVEit data breach, as an additional security measure.
• Bennett College activated its Cybersecurity Incidence Response Team to monitor the situation and to define any additional steps.

How will I know if my data was part of the breach?

The NSC will notify member institutions of any data breaches affecting their students. If Bennett College receives any notifications, it will contact the students affected.

What do I do if I am informed that my data has been breached?

If you are informed of a breach in your data, instructions will be provided regarding actions to be taken.

What should I do if I have questions or concerns?

For any questions or concerns, email moveitincident@bennett.edu.