VALDOSTA — The University System of Georgia was among several government entities hit by a wide-scale cyberattack, though there was no word late last week on Valdosta State University being affected.

On June 7, the Cybersecurity and Infrastructure Security Agency issued a warning about a ransomware gang attempting to use faults in a software package called MOVEit to steal data.

The MOVEit package is intended to encrypt and transfer sensitive files.

Press reports indicate a number of federal government agencies, including the Department of Energy, have been wrestling with the MOVEit cyberattack.

“The U.S. Department of Energy takes cybersecurity and the responsibility to protect its data very seriously. Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency. The Department has notified Congress and is working with law enforcement, CISA and the affected entities to investigate the incident and mitigate impacts from the breach,” according to an energy department statement.

The university system confirmed Friday that it used MOVEit and it was “likely” bad actors had gained access to information in this manner.

“The University System of Georgia and the University of Georgia purchased the MOVEit Secure File Transfer and Automation software from Progress Software for its stated purpose of storing and transferring sensitive data,” according to a university system statement.

“Progress Software recently identified a zero-day defect in its MOVEit software, a vulnerability that likely allowed cybercriminals unauthorized access to information stored in the MOVEit secure repositories operating at numerous customer sites, including USG and the University of Georgia.”

University system staff limited access to MOVEit software and applied new patches from the software’s developer, Progress Software, to fix defective code, according to the statement.

“USG’s cybersecurity experts are evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected,” the university system said.

No mention of problems at any specific Georgia college or university other than the University of Georgia was mentioned in the statement but it is known that MOVEit is used at Valdosta State University; the software package is mentioned in various technical entries on the university’s website.