FREQUENTLY ASKED QUESTIONS
RE: NATIONAL STUDENT CLEARINGHOUSE DATA BREACH
What is the National Student Clearinghouse?
The National Student Clearinghouse (NSC) is a national non-profit with 3600 partner schools across the country, including Helene Fuld College of Nursing. NSC provides enrollment and degree verification to the National Student Loan Data System, private employers, external scholarship organizations, and member schools to conduct prior and subsequent enrollment reviews. NSC is a vital resource for Admissions, Registrar’s Office, and Institutional Planning, Assessment, Effectiveness, and Research to meet state and federal reporting requirements.
What happened?
NSC identified an exploit that compromised student data within its MOVEit secure file transfer protocol.
What did the National Student Clearinghouse do in response to the incident?
- Upon identifying this vulnerability, the NSC launched an investigation and took steps to secure relevant systems. Their investigation determined that an unauthorized party obtained files which contained personal information that is maintained on behalf of member organizations.
- The Clearinghouse promptly took measures to protect customer data and its systems by applying the relevant security patches and diligently following guidance from the Department of Homeland Security’s
- Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
- The NSC informed member institutions on June 23, 2023, that all security updates to MOVEit were live, and the system was “fully operational” and secure.
- The NSC is conducting a third-party forensic review to identify affected institutions and their specific students.
- The NSC will inform Helene Fuld College of Nursing of any compromised student data.
What measures are being taken by NSC to insure that further data breaches will not occur?
As a precautionary measure, NSC rebuilt the Clearinghouse’s entire MOVEit environment, using new installations of the latest operating systems as well as installing a clean copy of the latest version of the MOVEit Transfer application.
What did Helene Fuld College of Nursing do in response to the incident?
- Upon being informed of the MOVEit Exploit, HFCN did not provide any further data uploads to the National Student Clearinghouse until security updates and patches were completed.
- HFCN’s student information system was not compromised during this breach.
- HFCN’s IT Department will contact the affected students upon their identification and will update credentials for any user who was impacted by the MOVEit data breach, as an additional security measure.
- HFCN’s IT Department will enforce the use of 2fa for the impacted users.
How will I know if my data was part of the breach?
The NSC will notify member institutions of any data breaches affecting their students. If HFCN receives any notifications, it will contact the students affected.
What do I do if I am informed that my data has been breached?
If you are informed of a breach in your data, instructions will be provided regarding actions to be taken.
What should I do if I have questions or concerns?
For any questions or concerns, email Moveit.Incident@helenefuld.edu