National Student Clearinghouse, a nonprofit that provides enrollment and other services for thousands of colleges and universities across North America, is the latest organization breached by the MOVEit flaw.
The organization put out a list of impacted institutions filled with nearly 900 schools.
"The unauthorized party obtained certain files within the Clearinghouse's MOVEit environment, which may have included information from the student record database on current or former students," a statement from the National Student Clearinghouse said. "We have no evidence that the affected files included the enrollment and degree files that organizations submit to the Clearinghouse for reporting requirements and for verifications."
The statement added that the threat actors were not able to access anything outside its MOVEit environment, which has been rebuilt inside the organization to protect against similar cyberattacks in the future, it stressed.
John Bambenek, principal threat hunter at Netenrich, effectively accused any cybersecurity leader who has not shored up their MOVEit environment after months of reported breaches, of malpractice.
"The vulnerability (and patch) have been known for four months," Bambenek said in a statement. "For organizations still using a vulnerable version of MOVEIt, the most important thing they should do is fire the CISO, because there is no excuse for not having remediated it by now."
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
moveit leads university breaches