National Student Clearinghouse, Progress Software Corporation Facing Class Action Over May 2023 MOVEit Data Breach [UPDATE]
Last Updated on September 26, 2024
Evangelista v. National Student Clearinghouse et al.
Filed: November 3, 2023 ◆§ 1:23-cv-12993
National Student Clearinghouse faces a class action over its alleged failure to secure consumers’ private information during a data breach targeting MOVEit.
September 26, 2024 - $9.95M National Student Clearinghouse Settlement
National Student Clearinghouse (NSC) has agreed to settle the proposed class action lawsuit detailed on this page for $9.95 million. The plaintiff’s claims against Progress Software Corporation have yet to be resolved.
Read ClassAction.org’s write-up about the National Student Clearing House data breach settlement.
National Student Clearinghouse (NSC) faces a proposed class action over its alleged failure to secure consumers’ private information during a May 2023 data breach targeting MOVEit, a file transfer platform owned by third-party IT vendor and co-defendant Progress Software Corporation (PSC).
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 47-page lawsuit says NSC, an educational nonprofit, was informed by PSC on May 31, 2023 that an unauthorized party had accessed certain files from the MOVEit tool containing sensitive information entrusted to the organization by students. According to the case, an investigation by NSC revealed that on or around May 30 of this year, a notorious ransomware gang known as Cl0p stole files related to 890 schools using the nonprofit’s services.
Information reportedly exposed in the cyberattack includes names, dates of birth, contact details, Social Security numbers, student ID numbers, and certain school-related records such as enrollment records, degree records and course-level data, the case relays.
“Armed with the Private Information accessed in the Data Breach, data thieves can and likely have committed a variety of crimes and bad acts,” including identity theft and fraud, the suit stresses.
Related Reading: 2023 MOVEit Data Breach Lawsuits
The complaint alleges that both NSC and PSC disregarded the privacy rights of consumers by “intentionally, willfully, recklessly, or negligently” failing to implement reasonable cybersecurity measures. Per the suit, PSC left private information on its computer systems “unsecured and unencrypted,” and NSC was responsible for ensuring that any third parties it hired maintained adequate data security.
Investigations into Cl0p’s attack on MOVEit—which has reportedly affected over 2,000 government and corporate entities—show that the group had been experimenting with ways to exploit a vulnerability in the software as far back as 2021, the case says.
The filing goes on to note that NSC waited over two months after it confirmed its involvement in the breach to begin notifying affected individuals in late August, giving cybercriminals a “head start on using [the plaintiff’s] and the Class’s [private information] for nefarious, commercial purposes.”
The lawsuit looks to represent anyone in the United States whose private information was exposed in the data breach involving National Student Clearinghouse and Progress Software Corporation.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.