BELOW SUPERNAV drop zone ⇩

NYC public school students’ data targeted in cyberattack

  • NYC DOE: 19,000 documents illegally retrieved, 45,000 students affected
  • Senator: "It’s a very serious concern"
  • CISA: No evidence of link between the Russian group and Moscow's government

Updated:

MAIN AREA TOP drop zone ⇩

MAIN AREA TOP drop zone ⇩

Editor’s Note: This story has been corrected to reflect that Progressive Software informed customers of the data breach on May 31.

NEW YORK (NewsNation) — A recent attack carried out by Russian cybercriminals appears to have exposed the personal data of tens of thousands of New York City public school students.

The New York City Department of Education announced the data breach in a letter to families notifying them that third-party file-sharing software, MOVEit, had been targeted. School officials estimated about 19,000 district documents were illegally retrieved, impacting 45,000 students and an undisclosed number of DOE staff. 

“Currently, we have no reason to believe there is any ongoing unauthorized access to DOE systems. We will provide impacted members of the doe community with more information as soon as we are able,” the department told NewsNation.

The data types impacted include Social Security numbers and employee ID numbers, but not necessarily for all affected individuals, the department noted. Only 9,000 Social Security numbers were estimated to be included.

“It’s a very serious concern,” New York State Sen. John Liu (D), the chair of the NYC Education Committee, said. “I believe that DOE officials and city hall understand this is a top priority.”

The department has since deployed a software patch and there is no known further threat.

“Our top priority is determining exactly which confidential information was exposed, and the specific impact for each affected individual,” the department said in the letter to families. “When that determination is made, we will begin preparing notifications to individuals whose confidential information was compromised.”

The hackers, reportedly linked with Russian cybercriminals, took advantage of a security flaw and hacked a widely used file transfer software, exposing the personal data of millions of Americans.

The group was also allegedly responsible for breaching U.S. government offices and more than a dozen private companies nationwide.

Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots.

MOVEit’s parent company, Progressive Software, informed its customers of the data breach on May 31.

The Cybersecurity and Infrastructure Security Agency and the FBI are looking into the recent cyber attacks. 

The CISA said there’s no evidence suggesting the Russian group accused of carrying out the attack was working on behalf of the Russian government.

Blake Burman, Tyler Wornell, Devan Markham and Sean Noone contributed to this report.

Tech

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed

Site Settings Survey

 

MAIN AREA MIDDLE drop zone ⇩

Trending on NewsNation

MAIN AREA BOTTOM drop zone ⇩

tt

KC Chiefs parade shooting: 1 dead, 21 shot including 9 kids | Morning in America

Witness of Chiefs parade shooting describes suspect | Banfield

Kansas City Chiefs parade shooting: Mom of 2 dead, over 20 shot | Banfield

WWE star Ashley Massaro 'threatened' by board to keep quiet about alleged rape: Friend | Banfield

Friend of WWE star: Ashley Massaro 'spent hours' sobbing after alleged rape | Banfield

Sunny

la

66°F Sunny Feels like 66°
Wind
7 mph SW
Humidity
47%
Sunrise
Sunset

Tonight

Partly cloudy. Low near 50F. Winds NNW at 5 to 10 mph.
50°F Partly cloudy. Low near 50F. Winds NNW at 5 to 10 mph.
Wind
6 mph NNW
Precip
10%
Sunset
Moon Phase
Waxing Gibbous