A hacking attack targeting Texas Wesleyan University exposed students’ personal data, including Social Security numbers and information involving passports and financial accounts.
The attack last month is the latest data breach related to the Russian ransomware gang Cl0p, which was behind the widespread MOVEit breach earlier this year. MOVEit is software focused on file transfers that works with education-focused entities, including the National Student Clearinghouse and the teacher retirement fund TIAA.
Texas Wesleyan University experienced a network disruption on Oct. 6, which prompted the institution to disconnect access to the affected server and involve an outside cybersecurity firm, according to a notice filed on the university’s website. On Nov. 8, the university discovered information from the disruption had been published online by Cl0p. Individuals with compromised data were notified on Nov. 20.
The university did not disclose the number of students with compromised data.
The data included Social Security numbers, passport information, financial account information and “limited” medical information. Affected students received an offer of free credit monitoring and theft restoration services through TransUnion.
The university said it has taken other defensive steps including increasing the minimum length of passwords, hardening the rules around internet traffic and working toward having multifactor authentication.