800k Affected: Georgia Universities Breached in Clop Attack

A year following the notorious cyberattack by the Clop group, during which hundreds of companies suffered data breaches, the University System of Georgia (USG), which comprises 26 public colleges and universities in the USA, unexpectedly discovered that it, too, had compromised at that time.

Recall that a year ago, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit Transfer file transmission system by Progress Software, facilitating global data theft. Patches for the bug have been made available by the Progress company, in the following versions: 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). Now, with the assistance of the FBI and CISA, USG has determined that the group also stole sensitive files from their system. The organization began sending notifications to the affected individuals on April 15 of this year.

The stolen information included full or partial social security numbers, dates of birth, bank account numbers, and federal tax documents with tax identification numbers.

As revealed in an official notice sent to the state of Maine, data from about 800,000 individuals were compromised during the attack. This figure significantly exceeds the number of students currently enrolled at USG institutions, indicating that the data breach also spread to former students, academic staff, and other employees.

In response to the incident, USG offered the victims 12 months of identity protection and fraud detection services through Experian. However, it is unlikely that these services will be relevant for the affected individuals a year after the breach.

The Clop attack on MOVEit Transfer turned out to be one of the most successful ransom operations in recent years. Even a year after the attack, organizations continue to discover and report data breach incidents, underscoring the long-term consequences of such events.