Get Help Now

Get expert threat analysis weekly. Sign up to receive our Threat Briefing:


    Date: 06/30/2023


    National Student Clearinghouse Breach

    Click to watch the 5 minute video regarding this alert

    Several clients have reached out to GreyCastle Security regarding the recent disclosure of a data breach at the National Student Clearinghouse (NSC).  The language in the notification reads: “If you determine that your organization is required by law to report the issue to affected individuals and regulators, the Clearinghouse will send notification on your organization’s behalf if you would like us to do so.”

    Considering this language, GreyCastle Security recommends employing legal counsel to advise NSC customers and partners as to whether they have any notification requirements. Typically, the breached entity (NSC in this case) is responsible for breach notification and will do so without prompting from its customers.  We expect this to be the case with the NSC breach.

    As more information becomes available, GreyCastle Security will send updates.

    What Happened?

    A well-known ransomware threat actor group known as “CL0P” or “TA505” exploited a vulnerability identified as CVE-2023-34362 in MOVEit Transfer, an application running on NSC equipment.  CL0P used this to steal data from the NSC.

    Am I Vulnerable to Attack?

    If your organization only sends data to the NSC, and is not running a MOVEit server,  you are not vulnerable to exploitation via CVE-2023-34362.

    If your organization does run MOVEit server for data transfer, GreyCastle Security recommends initiating incident response procedures and assessing servers for compromise.

    Request Consultation

    For a complimentary consultation, fill out the form below and we will be in touch shortly

      Number of Employees - select one:
      Industry - select one:

      The National Student Clearinghouse site providing information regarding this breach:
      Information on CL0P and the recent exploitation is available from CISA:

      How can we help?

      If you need assistance with the Special Alert Threat identified today or any other cybersecurity concerns, compliance issues or questions, please reach out through the contact button below.  We stand ready to assist!

      Let’s Discuss Your Cybersecurity Needs

      Contact Us  
      Privacy Settings
      We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
      Consent to display content from - Youtube
      Consent to display content from - Vimeo
      Google Maps
      Consent to display content from - Google
      Consent to display content from - Spotify
      Sound Cloud
      Consent to display content from - Sound
      Contact Us