{
	"id": "282b5f26-ea53-4375-b447-6578241c7aa6",
	"created_at": "2026-04-06T00:22:27.819278Z",
	"updated_at": "2026-04-10T03:22:12.0788Z",
	"deleted_at": null,
	"sha1_hash": "065e4adfe298e0ad8ae960dc8feeb59340ad1cca",
	"title": "Hackers steal data of 45,000 New York City students in MOVEit breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1026494,
	"plain_text": "Hackers steal data of 45,000 New York City students in MOVEit breach\r\nBy Sergiu Gatlan\r\nPublished: 2023-06-26 · Archived: 2026-04-05 14:10:15 UTC\r\nThe New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal\r\ninformation of up to 45,000 students from its MOVEit Transfer server.\r\nThe managed file transfer (MFT) software was used by NYC DOE to securely transfer data and documents internally and\r\nexternally to various vendors, including special education service providers.\r\nNYC DOE patched the servers as soon as the developer disclosed info on the exploited vulnerability (CVE-2023-34362);\r\nhowever, the attackers were already abusing the bug in large-scale attacks as a zero-day before security updates were\r\navailable.\r\nhttps://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/\r\nPage 1 of 4\n\nThe affected server was taken offline after the breach was discovered, and NYC DOE is working with NYC Cyber\r\nCommand to address the incident.\r\n\"We also conducted an internal investigation, which revealed that certain DOE files were affected. Review of the impacted\r\nfiles is ongoing, but preliminary results indicate that approximately 45,000 students, in addition to DOE staff and related\r\nservice providers, were affected,\" NYC DOE COO Emma Vadehra said in a statement issued over the weekend.\r\n\"Roughly 19,000 documents were accessed without authorization. 
The types of data impacted include Social Security\r\nNumbers and employee ID numbers (not necessarily for all impacted individuals; for example, approximately 9,000 Social\r\nSecurity Numbers were included).\r\n\"The FBI is investigating the broader breach that has impacted hundreds of entities; we are currently cooperating with both\r\nthe NYPD and FBI as they investigate.\"\r\nThe Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a\r\nstatement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of \"hundreds of\r\ncompanies.\"\r\nKroll also uncovered evidence that Clop had been actively testing exploits for the now-patched MOVEit zero-day since\r\n2021 and researching methods to extract data from compromised servers since at least April 2022.\r\nClop's involvement in this extensive data theft campaign is part of a broader pattern of targeting MFT platforms.\r\nPrevious instances include the breach of Accellion FTA servers in December 2020, SolarWinds Serv-U servers in 2021, and\r\nthe widespread exploitation of GoAnywhere MFT servers earlier this year in January.\r\nClop already extorting impacted organizations\r\nThe Clop gang began extorting organizations affected by the MOVEit data theft attacks almost two weeks ago, on June 15,\r\nby publicly listing their names on Clop's dark web data leak site.\r\nShell, the University of Georgia (UGA) and University System of Georgia (USG), Heidelberger Druck, UnitedHealthcare\r\nStudent Resources (UHSR), and Landal Greenparks are just some of the organizations that have confirmed to\r\nBleepingComputer that they were impacted.\r\nOther victims that already disclosed breaches related to the MOVEit Transfer attacks include the U.S. state of Missouri, the\r\nU.S. 
state of Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland's HSE), Ofcam, the government\r\nof Nova Scotia, the American Board of Internal Medicine, and Extreme Networks.\r\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed that several U.S. federal agencies have also\r\nbeen compromised, as reported by CNN. Federal News Network said the attacks also impacted two U.S. Department of\r\nEnergy (DOE) entities.\r\nProgress warned MOVEit Transfer customers last week to restrict HTTP access to their servers after info on a new SQL\r\ninjection (SQLi) security flaw (CVE-2023-35708) was published online.\r\nThat warning came after another advisory disclosed several other critical SQL injection vulnerabilities collectively tracked\r\nas CVE-2023-35036.\r\nSource: https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/"
	],
	"report_names": [
		"hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach"
	],
	"threat_actors": [],
	"ts_created_at": 1775434947,
	"ts_updated_at": 1775791332,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/065e4adfe298e0ad8ae960dc8feeb59340ad1cca.pdf",
		"text": "https://archive.orkl.eu/065e4adfe298e0ad8ae960dc8feeb59340ad1cca.txt",
		"img": "https://archive.orkl.eu/065e4adfe298e0ad8ae960dc8feeb59340ad1cca.jpg"
	}
}