Data incident at University System of Georgia exposes bank account numbers


The University System of Georgia, a US government agency, has suffered a data incident via the infamous MOVEit Transfer hack.

The University System of Georgia said that “USG purchased MOVEit secure file transfer software from Progress Software to transfer and store sensitive data.”

This software contained a vulnerability that was subsequently exploited by hackers, with some dubbing this attack ‘the biggest hack of 2023.’

This led to various institutions, organizations, and individuals having their sensitive data exposed. Another victim to add to the list is the University System of Georgia (USG).

The data involved in the incident includes:

  • Full or partial (last 4 digits) Social Security numbers
  • Dates of birth
  • Bank account numbers
  • Federal income tax documents with Tax ID number

During the attack, cybercriminals were able to access “numerous government, higher education, and corporate customers sites worldwide,” which included USG.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) believe that the cybercrime group Cl0p was behind the attack, and the information is possibly published on the ransomware gang’s website.

The software was removed from USG’s systems, and the agency updated and secured these systems “in accordance with guidance from Progress Software and CISA.”

USG is offering access to Experian IdentityWorks to monitor possible identity theft and fraud.

The University System of Georgia is a government agency that includes 26 different institutions, including four research universities, four comprehensive universities, nine state universities, and nine state colleges.

High-ranking universities like the Georgia Institute of Technology are among the campuses of the University System of Georgia.

Last year, ransomware gang Cl0p exploited a now-patched zero-day bug in Progress Software’s MOVEit Transfer software, which allowed attackers to access and download the data stored there.

The Russia-linked gang Cl0p goes by a few different names. People in the cyber industry know the syndicate as TA505, Lace Tempest, Dungeon Spider, and FIN11. The gang is quite old, having been first observed back in 2019.

Numerous well-known organizations have had their clients exposed in the MOVEit attacks. For example, TD Ameritrade, a US stockbroker, reported that over 60,000 of its clients were exposed, with Cl0p taking the financial account data of some.

Other named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University and Health System, Warner Bros Discovery, AMC Theatres, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.