Notorious Russian hackers breach Rutgers’ student data
Russian hackers may have been able to steal the personal data of students and staff at Rutgers University.
The notorious Russian Clop ransomware gang targeted the non-profit National Student Clearinghouse (NSC) and accessed data through a vulnerability in a third-party software program used to transfer files.
Thousands of colleges and universities use the NSC to gather student data for required reporting to the U.S. Department of Education.
Rutgers was notified by the NSC that they were among multiple schools whose data may have been compromised.
The extent of the data breach and what information may have been compromised is still being investigated, according to a notice published on the Rutgers Website.
"Rutgers administrators are monitoring the issue closely and coordinating with the NSC to address any impact on the Rutgers community," the notice reads.
At this time, the impact on Rutgers information is unclear. The NSC is investigating the issue, and Rutgers administrators are monitoring the issue closely and coordinating with the NSC to address any impact on the Rutgers community. - Rutgers University statement
School officials also stressed this was not a breach of any systems at Rutgers.
Bloomberg reported several other universities may also have had student and employee data compromised, including: Stony Brook University, Middlebury College, Loyola University Chicago, Trinity College Connecticut, Colorado State University, the University of Dayton and the University of Alaska.
What will hackers do with the data?
The Russian gang suspected in this latest breach has also targeted government agencies and private businesses with ransomware attacks.
Syndicate members have threatened to expose victims' information online unless they pay a ransom. It is not clear if any extortion demands have been made in this action.
Officials with National Student Clearinghouse says they have installed software patches to secure the software system that was breached. They are also working with what they say is "a leading global cybersecurity firm" to investigate the issue.
As for the students and employees whose data may have been compromised, neither Rutgers nor NSC has specified what personal data may have been exposed or advised an individual course of action.