Cl0p MOVEit hack compromises Colorado State University data

Colorado State University has disclosed that its current and former students and employees had their personal data compromised as a result of the widespread Cl0p ransomware attack leveraging a vulnerability in the MOVEit Transfer file transfer app, BleepingComputer reports. Attackers may have stolen personally identifiable information, including names, birthdates, Social Security numbers, student or employee identification numbers, and demographic details, as early as 2021, following the MOVEit attack against the university's third-party vendors Teachers Insurance and Annuity Association of America, Corebridge Financial, Sunlife, National Student Clearinghouse, The Hartford, and Genworth Financial. Internal investigation into the extent of the breach is underway, according to CSU officials, who have urged vigilance and reporting of suspected identity theft related to the attack. Similar data breach disclosures involving the compromise of Corebridge Financial, NSC, and TIAA have also been reported by the University of Delaware, Stony Brook University, and the Western University of Health Sciences.