Stay on this page and when the timer ends, click 'Continue' to proceed.

Continue in 17 seconds

Data breach at vendor affects 127 schools, exposing Information of parents and staff

Data breach at vendor affects 127 schools, exposing Information of parents and staff

Source: Gutzy Asia

SINGAPORE: The Ministry of Education (MOE) has reported a data breach at Mobile Guardian, one of its vendors, leading to the unauthorized access of sensitive information from parents and staff across 127 schools, including five primary and 122 secondary schools.

Mobile Guardian is a Device Management Application (DMA) installed on students' Personal Learning Devices to allow parents to manage students' device usage by restricting applications/websites and screen time.

This breach was disclosed by the ministry on Friday (19 Apr), following notification from the vendor about the incident that took place at Mobile Guardian's headquarters in Surrey, United Kingdom, on 17 April.

The compromised data includes first and last names, email addresses, associated schools, time zones, and identification as either parent or staff member.

Local media revealed that an email sent to affected parents by MOE's Digital Workspace for Schools and Learning Partnership in Educational Technology detailed the scope of the leak.

The five primary schools involved were reportedly participating in a pilot program for student use of personal learning devices.

MOE has assured that its own device management platform, used to manage student devices like Chromebooks and iPads, has not been affected and remains secure for use.

"Mobile Guardian's user management portal is separate from MOE's DMA. There is no evidence of unauthorised access into the MOE DMA. Parents whose students use the iPad or Chromebook can continue to use the DMA as usual." said MOE.

All affected individuals are being notified by the ministry and schools, with an advisory to remain vigilant against potential phishing emails.

A police report has been filed, and MOE has expressed its concerns directly to Mobile Guardian.

Following the breach, Mobile Guardian has implemented stringent security measures, including the lockdown of all administrative accounts.

The company, which has additional offices in the US and South Africa, is actively working with IT security experts to determine the cause of the breach and to enhance their security protocols.

MOE, in collaboration with the Personal Data Protection Commission (PDPC), is said to be closely monitoring the situation and evaluating the responses from Mobile Guardian to ensure all necessary steps are taken to prevent future breaches.

Could not load content