$9.95M National Student Clearinghouse Data Breach Class Action Settlement

In May 2023, the National Student Clearinghouse (NSC), a nonprofit organization that assists students, educational institutions, and employers with access to educational data, experienced a significant data breach. This breach compromised sensitive personal information, leading to a class action lawsuit and a subsequent $9.95 million settlement. This article provides a comprehensive overview of the incident, details on the settlement, eligibility criteria, claim filing procedures, potential compensation, and important deadlines.

Background of the National Student Clearinghouse Data Breach Class Action Settlement

The Incident: How It Happened?

Between May 28 and May 31, 2023, unauthorized individuals exploited a vulnerability in the MOVEit Transfer software—a third-party file transfer tool used by NSC—to gain access to files containing sensitive personal information. The compromised data included Social Security numbers, names, birthdates, contact details, student ID numbers, and certain educational records such as enrollment and degree information.

Discovery and Response

On May 31, 2023, Progress Software Corporation, the developer of MOVEit Transfer, notified NSC of the security issue. NSC promptly initiated an investigation with cybersecurity experts and collaborated with law enforcement agencies. By June 20, 2023, it was determined that an unauthorized party had accessed specific files within the MOVEit software around May 30, 2023.

Legal Actions

Following the breach, affected individuals filed a class action lawsuit against NSC, alleging that the organization failed to implement reasonable cybersecurity measures to protect personal information. The lawsuit claimed that NSC’s negligence led to the unauthorized access and potential misuse of sensitive data.

Settlement Agreement

To resolve the allegations without admitting wrongdoing, NSC agreed to a $9.95 million settlement. This settlement aims to compensate affected individuals and provide resources to mitigate potential damages resulting from the breach.

How to File a Claim

If you received a notification from NSC indicating that your Social Security number was included in the files affected by the MOVEit data breach, you may be eligible to file a claim. Here’s how to proceed:

1. Obtain Your Unique ID and PIN: Check the email or letter you received from NSC for your unique ID and PIN, which are required to file a claim.
2. Access the Claim Form: Visit the official settlement website to access the online claim form.
3. Complete the Claim Form: Fill out the form with accurate information, including your unique ID and PIN. Indicate the type of compensation you are seeking—reimbursement for losses, alternative cash payment, or credit monitoring services.
4. Submit Documentation: If you are claiming reimbursement for losses, provide supporting documentation such as bank statements, receipts, invoices, or other records evidencing your expenses.
5. Submit the Claim: Review your information for accuracy and submit the claim form before the deadline.

For a more streamlined process, consider using services like Sparrow, which can assist in managing and submitting claims efficiently.

Potential Compensation

Eligible class members may receive the following benefits:

• Reimbursement for Ordinary Losses: Up to $2,500 for documented out-of-pocket expenses related to the data breach, including:
  • Bank fees
  • Fraudulent charges
  • Credit monitoring costs
  • Up to four hours of lost time at $25 per hour
• Reimbursement for Extraordinary Losses: Up to $10,000 for documented monetary losses resulting from fraud or identity theft directly related to the data breach.
• Alternative Cash Payment: A $100 cash payment for class members who do not wish to claim reimbursement for specific losses. The actual amount may vary depending on the number of claims filed.
• Credit Monitoring and Identity Theft Protection: Two years of free services, including three-bureau credit monitoring, real-time alerts, and up to $1 million in identity theft insurance.

Eligibility Criteria

You may be eligible to participate in the settlement if:

• Your Social Security number was included in the files affected by the MOVEit data breach between May 28 and May 31, 2023.

If you are uncertain about your eligibility, contact the Settlement Administrator through the official settlement website.

Important Deadlines

• Claim Submission Deadline: May 26, 2025. Ensure your claim form and any supporting documentation are submitted by this date.
• Exclusion and Objection Deadline: April 25, 2025. If you wish to exclude yourself from the settlement or object to its terms, you must do so by this date.
• Final Approval Hearing: May 12, 2025. The court will determine the fairness of the settlement during this hearing.

Conclusion

The $9.95 million settlement resulting from the National Student Clearinghouse data breach provides an opportunity for affected individuals to receive compensation and protective services. If you were impacted by this incident, it’s crucial to understand your rights and take appropriate steps to file a claim before the deadline. Utilizing resources like the official settlement website and services such as Sparrow can facilitate a smoother claim process. Stay informed and proactive to safeguard your personal information and mitigate potential damages arising from this data breach.