MOVEit breach exposes personal data of 45,000 NYC students and staff
Hackers breached the MOVEit Transfer server of the New York City Department of Education (NYC DOE), stealing sensitive personal information of up to 45,000 students, including Social Security Numbers and employee ID numbers. The Clop ransomware gang claimed responsibility for the attack, which was part of a broader campaign targeting managed file transfer (MFT) platforms. The FBI is investigating the breach, and impacted organizations have already been extorted by the Clop gang. Progress warned MOVEit Transfer customers of a new SQL injection security flaw after several critical vulnerabilities were disclosed.