The potential data breach is tied to the MOVEit Secure File Transfer and Automation software, which the University System and University of Georgia purchased to store and transfer sensitive data.
The product’s maker, Progress Software, recently identified a vulnerability that “likely allowed cyber criminals unauthorized access to information” stored in MOVEit repositories, the University System said in a statement Wednesday evening to The Atlanta Journal-Constitution.
The University System did not specify when the breach occurred. It also did not detail what kind of information may have been exposed or how many records were stored.
According to news reports, other victims of the breach could include Johns Hopkins University, some U.S. banks as well as international companies and several state governments.
The University System said it implemented Progress Software’s recommendations to address the defect by limiting the software’s access to the Internet and taking other steps.
“USG personnel are actively monitoring further communications from Progress Software and will adhere to any future recommendations,” the statement said. “USG’s cybersecurity experts are evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”
In another recent data breach incident, Mercer University faces federal lawsuits over the alleged exposure of personal information for more than 93,000 people, including employees and students.
The private, Macon-based school notified people last month of “unlawful access” into its computer servers that may have included individuals’ names in combination with their Social Security numbers and/or their driver’s license number.
©2023 The Atlanta Journal-Constitution. Distributed by Tribune Content Agency, LLC.
