More than 45K Students Lose Data in NYC Dept of Education Breach
Table of Contents
- By Steven
- Jun 28, 2023
The NYC Department of Education manages all the public schools throughout the New York City metro area. More than 1.1 million students go to the managed schools, and the organization oversees all this activity while handling data for these students. The NYC Dept of Education was recently involved in a data breach connected with the MOVEit file transfer solution, and that data breach could have resulted in substantial data losses for faculty members and students in the districts.
How Did the Attack Occur?
Earlier this year, an attack was launched on the New York City Department of Education that resulted in the loss of substantial bits of data. The information taken in this attack was vulnerable because it was transferred with the file transfer tool MOVEit. The tool has been getting attacked recently, and many major organizations have suffered serious data losses because of vulnerabilities in the program. Those vulnerabilities allowed attackers to take away student information as well, and that stolen data could prove troublesome in the future if the attackers decide to leverage it for gain.
What Information Was Viewed or Stolen?
Among the lost data were student evaluations, Social Security numbers, birth dates, and other personal details. All this information could be used for identity theft, and it's possible the hackers will launch phishing attacks with the details as well. While we don't know who launched the attack that uncovered this sensitive data, many experts are blaming Russian cybercriminals. Nearly 45,000 students lost their data to this breach, along with information for public officials, teachers, and more.
How Did the NYC Dept of Education Admit to the Breach?
Officials from the NYC Dept of Education commented on data being taken because of the use of MOVEit file transfer tools. The officials did not release an official report about the breach. It's likely that eventually, the attacks will be reported to Federal Bureau of Investigation via a report and that any students and staff members involved will receive official notices from the school district. For now, we only have statements gathered by reporters to understand this issue.
What Will Become of the Stolen Information?
It's nearly impossible to predict what the attackers will do with student information stolen in this data breach. It's possible they will leverage the data in a ransomware attack and demand a payment to stop the data from being released, but it's more likely the attackers will leverage this information to aid future attacks and to help with gathering more data that has a greater monetary value. It's also possible the hackers will just hold the data for a time before leveraging it after the students are older.
What Should Affected Parties Do in the Aftermath of the Breach?
If you're the parent of a student or a faculty member that was impacted by this breach, you should take steps to protect the stolen information. Try and monitor your credit to see if anything strange occurred. You could also enact a credit freeze to stop the attackers from being able to do anything with the data. It's important to do something, though, even if that's just monitoring to try and see how your data will be misused.