Southern Illinois University hosts a modest student body of around 15,000 and employs only a few thousand staff and academics. The publicly funded institution recently announced a damaging data breach—another victim of the MOVEit zero-day vulnerability.
According to the breach notification provided to the Maine Attorney General’s Office, the breach occurred via the MOVEit zero-day vulnerability through a third-party vendor. Southern Illinois University did not have a system breach or compromise to their network security. This breach is one of hundreds that influenced a public vendor.
The breach notification supplied to the attorney general offices shares significant information about the event. The university shares that the attack happened on or around May 29th-30th, 2023. The institution immediately launched an investigation, which concluded on or around September 25th. A month later, on October 24th, the school sent written notifications to impacted parties and notified the attorney offices.
According to Maine, the data breach notification doesn’t list impacted parties. However, an estimated 38,286 people may feel an impact; this means more than the student body may have stolen their details during the breach. Students, staff, academics, contractors, donors, and vendors must all consider protective action in the coming days.
Southern Illinois has not released a full impact report; subsequently, we cannot estimate how many files they stole during the event. However, the notice suggests caution as the unauthorized party “potentially removed” personal information and more from the infected network.