Brightly Software has informed users of the SchoolDude app that hackers have gained access to its user database and stole sensitive information.
Brightly is American company, subsidiary of Siemens, that markets SchoolDude as a complete cloud-based educational operations management suite. The product is used by thousands of schools, universities, and colleagues in the United States, United Kingdom, Canada, Australia, and other organizations worldwide.
Yesterday, the company notified the Office of the Main Attorney General that 2,964,292 individuals have been impacted by a data breach that occurred on April 20, 2023, which the firm discovered on April 28, 2023.
“We at Brightly Software are writing to let you know about a recent security incident affecting an account you have on our SchoolDude application (schooldude.com), an online platform used by educational institutions for placing and tracking maintenance work orders. The incident involved an unauthorized actor obtaining certain account information from the SchoolDude user database.” – Brightly notification
The security incident at Brightly has resulted in the exposure of the following data:
- Email address
- Account password
- Phone number (if provided)
- School district name
Exposure of the above data to hackers increases the risk of social engineering, phishing, impersonation, and bank fraud attacks against the impacted users. Unfortunately, due to the type of the software involved in this incident, the sensitive categories of school and university students are almost definitely affected.
Brightly says it has reported the incident to the law enforcement authorities and is currently investigating with the help of third-party IT experts to determine its scope and magnitude.
All SchoolDude user accounts have had their passwords invalidated to prevent unauthorized access, so users will have to set new passwords on their next login. The firm says users should visit the login portal at “login.schooldude.com” and click on the “Forgot Login Name or Password” option to initiate a password reset process.
Brightly has confirmed that user passwords have been compromised, so if account holders use the same credentials on any other online platforms, they are advised to reset them on those sites too.