Notifications of a data breach are being sent to 800,000 people by the University System of Georgia (USG), whose data was compromised in the 2023 Clop MOVEit attacks.

With approximately 340,000 students, USG is a state government organization that runs 26 public colleges and universities in Georgia. In late May 2023, the Clop ransomware group launched a large global data theft campaign by exploiting a zero-day flaw in Progress Software's MOVEit Secure File Transfer service. USG was one of the first organizations to be listed as breached when the threat group began its extortion phase in the MOVEit attacks, which affected thousands of organizations worldwide.

Nearly a year later, USG discovered that Clop had taken private documents from its systems and started informing the affected parties, with assistance from the FBI and CISA. The following information was accessed by the threat actors, according to the notices of data breach that were sent between April 15 and April 17, 2024; Social Security Number, bank account number(s), date of birth, and IRS income tax documents containing a Tax ID number.

Since there are more affected people than USG students, and given the nature of the data, likely that previous students, faculty, contractors, and other staff are also impacted by the incident. 800,000 people are affected by the data breach, according to the organization, which sent a sample of the alert to the Office of the Maine Attorney General yesterday.

A driver's license number or identification card number is also listed as a vulnerable data type on the Maine portal entry, even though the notification makes no mention of it. Those who are affected can now sign up for a 12-month identity protection and fraud detection service through Experian, provided by USG. The enrollment deadline is July 31, 2024.

The MOVEit attacks by Clop were among the most effective and widespread extortion schemes in the past few years. Organizations continue to find, validate, and reveal breaches more than a year after they occurred, prolonging the fallout. There are 2,771 affected companies and around 95 million people whose personal information is on Clop's servers. A portion of the stolen data was made public on Clop's dark web extortion portal, while some were sold to cybercrime organizations and some were kept for potential future monetization.

Impact

• Identity Theft
• Exposure to Sensitive Data
• Financial Loss

Remediation

• Immediately apply security patches and updates to all software systems, including third-party applications like MOVEit Transfer, to eliminate vulnerabilities and reduce the risk of future exploits.
• Conduct thorough security assessments and due diligence when engaging third-party contractors and vendors, ensuring that their systems adhere to stringent security standards.
• Educate employees and contractors about social engineering, phishing, and other tactics used in cyberattacks, empowering them to recognize and report suspicious activities.
• Implement advanced email filtering and anti-phishing solutions to prevent malicious emails containing malware or harmful links from reaching recipients.
• Continuously monitor security research and sources to promptly identify and address zero-day vulnerabilities
• Implement network segmentation to compartmentalize sensitive data and critical systems, limiting lateral movement in case of a breach.
• Enforce MFA for accessing sensitive systems and applications, adding an extra layer of protection against unauthorized access.
• Deploy EDR solutions to monitor endpoints for suspicious activities, allowing for rapid response to potential breaches.
• Develop and regularly update an incident response plan outlining specific steps to take when a breach is detected, including communication, containment, and recovery.
• Conduct regular security audits and assessments of third-party vendors and contractors to ensure compliance with security best practices.
• Review and minimize the collection and retention of sensitive data, reducing the potential impact of a breach.
• Maintain up-to-date backups of critical data and regularly test the restoration process to ensure data availability in case of a breach or system failure.
• Ensure compliance with relevant data protection and privacy regulations, as well as industry-specific standards.
• Implement continuous network and system monitoring to promptly detect and respond to any abnormal activities.
• Train employees and contractors on security best practices, emphasizing the importance of handling sensitive information securely.