More than 134K UMass Chan Medical Students Suffer from Recent Breach
Table of Contents
- By Steven
- Aug 22, 2023
UMass Chan Medical School is a public medical school located in Worcester, Massachusetts. The school was founded in 1962 and is part of the University of Massachusetts college system. The school is one of the few medical school locations in the United States with FDA approval to manufacture vaccinations. It serves a small number of students but handles important tasks while offering highly specialized training to its students. The school recently suffered from a data breach in connection with the MOVEit breaches that may have exposed as many as 134,000 students.
How Did the Attack Occur?
On May 31, 2023, the company responsible for the MOVEit file transfer tool released an announcement warning its users it had suffered from a Zero-Day vulnerability that enables attackers to access files connected with the software. The vulnerability exposed government agencies, major corporations, universities, and much more around the world. UMass Chan Medical School is one of the facilities exposed by the software issue, and it's a real problem that resulted in significant data losses.
What Information Was Viewed or Stolen?
While UMass officials explained that the school didn't suffer any file losses, some personal information related to students in the school and related to the school was lost. The data isn't broken down specifically, but we suspect many users lost their Social Security numbers, emails, home addresses, phone numbers, and other details that could give attackers the means to launch data attacks and identity theft attacks on the involved individuals.
How Did UMass Chan Admit to the Breach?
Medical school officials sent personalized notices to everyone involved in the breach. If your data was exposed because of the MOVEit breach, you will receive a letter in the mail from the school explaining your situation. Some users that are impacted by this breach qualify for free credit monitoring services, but only the ones with personal information losses that could be harmful to them. It's unclear whether the school sent a notice to any Attorney General's offices or not, but anyone concerned about the attack should watch for a notice to come in.
What Will Become of the Stolen Information?
The MOVEit data breaches were designed to gather information that could be used to demand ransoms from major corporations. The breaches aimed to gather harmful data that could be used for identity theft, phishing attacks, and more. The C10p ransomware gang behind these attacks sent ransom demands to most of the companies involved, and it's likely that the information will be misused to generate a profit in any way possible. If the university isn't willing to pay any ransom demands, it's likely that student information will be resold, used for identity theft attacks, and relied upon for phishing attacks to try and gather more financial-related information.
What Should Affected Parties Do in the Aftermath of the Breach?
Anyone that receives a notice from UMass Chan stating your information was involved in this recent data breach, check your credit with each of the bureaus to see if anything has changed. Also, claim the free credit monitoring services if they are available to you. You must watch your financial accounts and credit to ensure your information isn't being abused and that you aren't put in a bad situation. Take steps to protect yourself, and you'll avoid most potential issues you could face from this data breach.