In 2023, educational institutions in the United States experienced a significant increase in data breaches [2], with a record 954 breaches compared to 139 in 2022.


The surge was primarily attributed to vulnerabilities in MOVEit file transfer software [1], impacting over 800 institutions and leading to nearly 4.3 million compromised records. Ransomware attacks and third-party breaches have become predominant causes of breaches [1] [2], with notable incidents involving Blackbaud [1] [2], Illuminate Education [1] [2], and MOVEit [1] [2]. Colleges and universities accounted for 60% of breaches [1] [2], with 83% of affected records originating from post-secondary institutions [1] [2]. The MOVEit breach alone impacted at least 802 educational institutions [1] [2], with the University System of Georgia reporting 800,000 individuals affected [1] [2]. New York reported the highest number of breaches [1] [2], while California had the largest number of records affected [1] [2]. Ransomware attacks predominantly targeted K-12 schools [1] [2], with post-secondary institutions seeing a higher volume of records impacted [1] [2]. The first quarter of 2024 saw a significant reduction in breaches [2], suggesting a potential positive trend amidst ongoing cyber-attacks [2].


The University System of Georgia recently announced a data breach affecting previous students, faculty [3], and staff [3], exposing approximately 800,000 individuals’ personal data due to vulnerabilities in MOVEit software [3]. The breach led to exploitation by the Clop ransomware gang [3], resulting in sensitive data theft including compromised Social Security numbers [3], birth dates [3], and banking information [3]. Notifications have been sent to current and former students [3], staff [3], and contractors of USG [3], alerting them about potential data exposure [3]. USG has responded promptly to the breach [3], emphasizing the critical importance of secure data management [3].