App managing student devices in 127 schools hacked; names and e-mail addresses leaked: MOE
SINGAPORE – The names and e-mail addresses of parents and teachers of 127 primary and secondary schools were leaked after a mobile platform on students’ personal learning devices was hacked, said the Ministry of Education (MOE) on April 19.
Mobile Guardian’s user management portal was compromised at its headquarters by an incident of unauthorised access, which led to the leak of names and e-mail addresses of parents and teachers from five primary schools and 122 secondary schools, said MOE in a statement on its website. That means about a third of all primary and secondary schools in Singapore were affected by this leak.
The Mobile Guardian app, which is installed on personal learning devices including Chromebook laptops and Apple’s iPad tablets, helps parents manage their children’s device use and restrict specific websites, apps and screen time.
The parents and teachers whose personal information may have been leaked will be notified, said MOE. It added that they should remain vigilant against any phishing e-mails that may be sent to them. If parents have not received e-mails, it means they have not been affected by the leak, the statement said.
In an e-mail sent to affected parents and seen by The Straits Times, the directors of the MOE Digital Workspace for Schools and Learning Partnership in Educational Technology said the leaked information included the first and last names of parents, their e-mail addresses, the school the students attend, the time zone they are in, as well as whether a person is a parent or a staff member.
According to the e-mail, the five primary schools affected were involved in the pilot on pupils’ use of personal learning devices. MOE said its own device management platform was not compromised and remains available for parents’ use on the students’ ChromeOS or iOS learning devices.
In response to queries, an MOE spokeswoman said those affected by the hack were school staff members with access to device management functions on the app, as well as parents who had signed up to use Mobile Guardian on Chromebook laptops and Apple’s iPad tablets.
Schools using other devices are not affected, and will not be receiving any e-mails linked to the hacking, she said.
MOE, she added, was notified by Mobile Guardian about the leak on April 17, and MOE has lodged a police report. It also expressed its concerns to the device management software firm.
Mobile Guardian – a software company headquartered in Surrey, Britain, with offices in the US and South Africa – has locked down its administrative accounts and is conducting investigations to find out how the leak may have occurred.
In response to queries, Mobile Guardian said in a statement that its investigations found that there was an unauthorised entry into its systems using an administrative account on its management portal.
“The account was immediately suspended and a thorough forensic analysis was initiated to identify any data that may have been accessed,” the statement added.
It added that Mobile Guardian is in touch with MOE and that it apologises for the breach.
In an undated statement on its website, Mobile Guardian said it was alerted on April 12 “via e-mail by the intruder to the unauthorised entry”.
The e-mail was flagged as a spam or a phishing attempt until another alert was received on April 16.