EGCC Among Colleges Affected by Data Breach

YOUNGSTOWN, Ohio — Eastern Gateway Community College is among nearly 900 colleges and universities across the country affected by a mass hack earlier this year, but a college spokesman said that so far no students or alumni have had their personal information breached.

EGCC is included on the list of educational institutions caught up in the MOVEit data breach. The National Student Clearinghouse submitted the list this week to the California Attorney General’s office.

“We did not want to unduly alarm students and faculty,” Dennis Willard, an EGCC spokesman, said in an email. “NSC began an investigation into the data breach and informed us that they would be reaching out to any students or alumni of Eastern Gateway if their personal identifiable information had been breached. To date, no students or alumni have been contacted because the investigation by NSC has found no cases of any of our students or alumni whose personal identifiable information had been breached.”

The Clop ransomware gang claimed responsibility for the cyber attack. It’s the same group that’s aimed at high-profile targets around the world.

“To be clear, Eastern Gateway did not experience a data breach,” Willard said in the email. “An unauthorized party may have obtained personal information records of Eastern Gateway students maintained by the National Student Clearinghouse. NSC immediately initiated an investigation and more than three months later they have found zero cases where Eastern Gateway students and alumni had their personal identifiable information breached.”

The NSC sent notification letters to those college and university students and alumni who were affected, saying the files include personal information including name, birth date, social security and student identification numbers and other records. The data affected varies by individual.

MOVEit is a third-party file sharing software tool used by the National Student Clearinghouse.

The NSC is a nonprofit, non-governmental organization, established in 1993, that “relieves the administrative burdens and costs related to student data reporting and exchange,” according to its website.
A sample notification letter submitted by the clearinghouse to the California AG’s office reads, “We take the safeguarding of our systems and your data extremely seriously, and we have implemented patches to the MOVEit software pursuant to Progress Software’s instructions and put in place additional monitoring measures to further protect our systems and your data.”

It also says the organization has arranged to offer identity monitoring services “to you for two years at no cost to you.”

Other institutions, including the University of Akron, Baldwin Wallace University, Case Western Reserve University, Cleveland State University, Cuyahoga Community College, Kent State University, Mercy College, Shawnee State University, Tiffin University, University of Dayton, in Ohio, and the Community College of Butler County, the University of Pittsburgh and Westmoreland County Community College in Pennsylvania, are on the list of those affected.

Some K-12 schools, none local, and financial institutions were part of the breach, too.

The breach occurred May 30.

Copyright 2024 The Business Journal, Youngstown, Ohio.