U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.
SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up to 600,000 students.
The companies’ other SaaS solutions are being used by more than 12,000 organizations worldwide, most from the United States, Canada, the United Kingdom, and Australia.
“We at Brightly Software are writing to let you know about a recent security incident affecting an account you have on our SchoolDude application (schooldude.com), an online platform used by educational institutions for placing and tracking maintenance work orders,” Brightly told affected SchoolDude users.
“The incident involved an unauthorized actor obtaining certain account information from the SchoolDude user database.”
The company believes the threat actors have stolen customer account information, including names, email addresses, account passwords, phone numbers (where available), and school district names.
Brightly data breach letter (BleepingComputer)
Brightly also reset the passwords of all SchoolDude users, who will now have to choose a new password after clicking “Forgot Login Name or Password?” on login.schooldude.com.
“Because passwords were affected in this incident, we are writing to remind you of the importance of using a strong and unique password for each online account you maintain,” the SaaS provider added.
“If you are currently using your SchoolDude password for any other online account, we recommend that you promptly change your passwords on those other accounts.”
After detecting the incident, Brightly reported the breach to the relevant law enforcement authorities and hired third-party security experts to investigate the attack.
According to a notification filed with the Office of Maine’s Attorney General, the attackers infiltrated Brightly’s systems on April 20 and were discovered on April 28.
The same notification reveals that the data breach affected 2,964,292 SchoolDude customers and users.
In a statement shared with BleepingComputer via email, a Brightly spokesperson didn’t provide any additional details besides those provided in the letters sent to customers.
Update: Added breach date and the number of affected individuals.
- johnlsenchak – 3 days ago
Telling users to do a password reset without any type of two factor authentication NICE!
- neumarke – 3 days ago
Does anyone know the email address from which the notifications are coming?
McAfee Consumer Products Removal tool
Version: NA 431,416 Downloads
Version: 4.5.28 4M+ Downloads
Version: 220.127.116.11 56M+ Downloads
Windows Repair (All In One)
Version: 4.13.1 2M+ Downloads
Everything Desktop Search
Version: 18.104.22.1687 22,896 Downloads