On May 11, 2023, Brightly Software notified SchoolDude customers of an incident involving an unauthorized actor obtaining certain account information from the SchoolDude user database. The incident has been resolved.
Incident Description: The attack occurred between April 20, 2023, and April 22, 2023. After conducting initial probing of the SchoolDude platform on April 20, the attacker identified a vulnerability in a platform feature that enabled them to upload certain malicious files to obtain remote access to the SchoolDude web server.
Using the access, the attacker was able to exfiltrate the following SchoolDude user data on April 22, 2023:
• Name • Email address • Account password (if non SSO users) • Phone number (if added to the account) • School district name
Remedial Actions and Additional Protective Actions : Brightly took a number of remediation steps in the immediate aftermath of the incident to prevent the recurrence of a similar breach, including but not limited to:
• Remediating the vulnerability exploited by the attacker; • Resetting all user passwords; • Implementing enhanced password security measures; • Bolstering perimeter protection against attacks on the web server; • Deploying additional monitoring, detection, and response tools in the environment.
Beyond these steps, Brightly has engaged a leading cybersecurity firm to conduct proactive security testing of the SchoolDude platform, in order to identify any other recommendations for hardening the platform against an attack.
Posted Jun 19, 2023 - 14:01 EDT
This incident affected: Work and Asset Management (MaintenanceDirect, PMDirect, CapitalForecastDirect, SchoolDude WorkCenter, InventoryDirect, Inventory Wireless), IT Asset Management (Incident), Energy Management (UtilityDirect), Event Management (FSDirect, FSAutomation, TripDirect), and MySchoolBuilding.