Since the number of those affected was so few, Olsen said he could not share exactly how many students were directly impacted out of privacy concerns. 

MSU shares student data with the National Student Clearinghouse, or NSC, an organization that provides universities with educational reporting, verification and research services. NSC uses the popular file-transfer platform MOVEit, which was the victim of a massive cyber attack in June. 

The Cybersecurity and Infrastructure Security Agency identified the cybercriminal gang known as “CL0P” as the culprit of the attack. The group took advantage of a vulnerability in MOVEit’s code to access data from some of the biggest names in business, including the NSC. 

It’s estimated CL0P will gain around $75-$100 million from ransom payments.

MSU is one of 890 schools impacted by the NSC breach, with 51,869 people, including students, affected in total, according to NSC’s data breach filing with the Office of Maine’s attorney general in August. 

CL0P leaked a portion of MOVEit data publicly online in July, following through on earlier threats. Websites containing the stolen data were quickly taken down. 

Rick Wash, a professor in MSU’s media and information department, told The State News in July it’s not clear whether the information CL0P has on students will ever be released publicly. Since the group has taken massive amounts of data, they likely don’t have the time to sort through it to find what's most valuable. 

“It’s not great for us, but it’s not as bad as it would be if they were specifically doling out the bad pieces of data and selling it,” Wash said.

NSC did not respond to requests for comment.