45,000 NYC students among the victims of MOVEit global data breach, DOE officials say

A child’s hands typing on a black laptop keyboard.

Tens of thousands of New York City students were among the millions of victims who have had their personal information compromised through the recent MOVEit data breach, education officials said Friday.

A security vulnerability in the file-sharing software MOVEit — widely used by private companies and governments to safely transfer documents and data — has wreaked havoc in recent weeks as hackers accessed sensitive information across the globe.

Officials estimated roughly 45,000 students, as well as education department staff and service providers, were impacted by the data breach. For those affected, that could mean social security numbers, OSIS numbers, dates of birth, and employee IDs were stolen.

Roughly 19,000 documents were also accessed without authorization, including student evaluations and related services progress reports, Medicaid reports for students receiving  services, as well as internal records related to DOE employees’ leave status.

City officials said they would notify individuals whose data was compromised “this summer,” though they did not specify a date. The kind of data impacted could vary from person to person, officials said. Those affected will be offered access to an identity monitoring service, which helps people track if their information is being used illicitly.

The department patched the software within hours of learning about the vulnerability and is working with local and federal law enforcement agencies to investigate the breach, officials said.

“Working with NYC Cyber Command, we immediately took steps to remediate, and an internal investigation revealed that certain DOE files were affected,” said Nathaniel Styer, an education department spokesperson, in an emailed statement. “Currently, we have no reason to believe there is any ongoing unauthorized access to DOE systems. We will provide impacted members of the DOE community with more information as soon as we are able.”

Nationally, the data breach has affected millions — as financial institutions and government agencies were impacted by the sweeping cyberattack. 

It’s not the first time New York City students have been subject to a cyberattack. Roughly 820,000 current and former students had their information compromised last year after a security breach of a company used by schools for tracking attendance and grading.

In the aftermath, experts told Chalkbeat that families should change passwords associated with their child’s school accounts, monitor their credit, and watch out for scam calls and emails. 

City officials said the DOE has not been subject to any threat or ransom, and none of its information has been published.

Julian Shen-Berro is a reporter covering New York City. Contact him at jshen-berro@chalkbeat.org.

The Latest

Mayor Eric Adams has argued that the limits are necessary to relieve severe overcrowding in the city’s shelter amid an unprecedented and ongoing influx of migrants.

Teacher Kali Burks shared stories from her first year teaching eighth grade.

Los niños sin hogar tienen ciertos derechos destinados a mantener la estabilidad para ellos en la escuela, incluida la capacidad de permanecer en la escuela a la que han estado asistiendo.

The district is still working to shorten bus rides for more than 100 students with disabilities to comply with state law.

Lee’s plan seeks to eliminate income requirements and change who could benefit.

With initiatives targeted at specific schools, neighborhoods, or family needs, they’re chipping away at a problem that has long undermined efforts to improve student achievement.