The Georgia system used MOVEit Transfer to store sensitive data, but a vulnerability in the software allowed hackers to gain access to the systems.
Data related to the incident includes:
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Protection Agency (CISA) suspect that Cl0p, who published the data on his website, is behind the attack. The University Systems of Georgia is a public institution that includes 26 different institutions, including four research universities, four public universities, nine state universities, and nine state colleges.
In response to the attack, the software was removed from the systems and data retention and protection was updated in accordance with CISA and developer Progress Software guidelines. Victims can use Experian IdentityWorks for fraud monitoring.