The MOVEit spree is as bad as — or worse than — you think it is

Higher Ed Dive

Matt Kapko

August 10, 2023

The mass exploit of a zero-day vulnerability in MOVEit has compromised more than 600 organizations and 40 million individuals to date, but the numbers mask a more disastrous outcome that’s still unfolding.

The victim pool represents some of the most entrenched institutions in highly sensitive — and regulated — sectors, including healthcare, education, finance, insurance, government, pension funds and manufacturing.

The subsequent reach and potential exposure caused by the Clop ransomware group’s spree of attacks against these organizations is vast, and the number of downstream victims is not yet fully realized.

Colorado State University was hit six times, six different ways. The school’s third-party vendors — TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife and The Hartford — all informed the school of data breaches linked to the MOVEit attacks.

Continue Reading