"Hackers Steal Data of 45,000 New York City Students in MOVEit Breach"

The New York City Department of Education (NYC DOE) recently discovered that hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.  The managed file transfer (MFT) software was used by NYC DOE to securely transfer data and documents internally and externally to various vendors, including special education service providers.  NYC DOE noted that it patched the servers as soon as the developer disclosed info on the exploited vulnerability (CVE-2023-34362); however, the attackers were already abusing the bug in large-scale attacks as a zero-day before security updates were available.  The affected server was taken offline after the breach was discovered, and NYC DOE is working with NYC Cyber Command to address the incident.  A review of the impacted files is ongoing, but preliminary results indicate that approximately 45,000 students and DOE staff, and related service providers were affected.  NYC DOE stated that roughly 19,000 documents were accessed without authorization.  The types of data impacted include Social Security Numbers (not necessarily for all impacted individuals; for example, approximately 9,000 Social Security Numbers were included), employee ID numbers, and more.  The FBI is investigating the broader breach that has impacted hundreds of entities.  

Bleeping Computer reports: "Hackers Steal Data of 45,000 New York City Students in MOVEit Breach"