A significant data breach has occurred within New York City schools, compromising the sensitive information of around 45,000 students, school employees and service providers, according to local officials.
The city’s Department of Education announced Friday the confidential data — including social security numbers, dates of birth, student OSIS numbers and employee IDs — was compromised. The data breach reportedly impacted approximately 19,000 documents accessed from the MOVEit file transfer system, which has reportedly been a target of a global hacking campaign. The documents encompassed student evaluations, progress reports and records related to DOE employees’ leave status, the New York Post reported.
“We recently learned of a security vulnerability in a third-party file-sharing software, MOVEit, which has impacted both private and government customers globally,” Nathaniel Styer, spokesperson for the city DOE, said in a statement. “Working with NYC Cyber Command, we immediately took steps to remediate, and an internal investigation revealed that certain DOE files were affected.” (RELATED: Hundreds Of Students’ Mental Health Records Leaked Online After Dark Web Hack)
NYC schools hacked with sensitive info on 45,000 students compromised: DOE https://t.co/HAAlEIYR3i pic.twitter.com/bUBm6gJzm5
— New York Post (@nypost) June 24, 2023
The DOE has been in contact with the NYPD and FBI to cooperate in an investigation into the cyber attack. Although the exact number of affected staff members and the precise timing of the cyber attack were undisclosed as of Saturday, the DOE said there was no “ongoing unauthorized access” to its system, the outlet noted.
The Council of Supervisors and Administrators Union has been communicating with the Chancellor’s team to mitigate the breach’s impact and is pushing for appropriate credit fraud protection for the affected individuals. Those impacted by the breach will be offered access to an identity-monitoring service, officials stated, according to the report.