SINGAPORE: A data breach at one of its vendors has resulted in the “unauthorised access” of names and email addresses of parents and staff from five primary and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19).
MOE said it was notified by Mobile Guardian that its user management portal had been breached on Wednesday, with the incident occurring at the company’s headquarters in Surrey, United Kingdom.
Mobile Guardian is a device management app (DMA) installed on personal learning devices used by students, like iPads and Google Chromebooks. The app enables parents to manage students’ device usage by restricting applications or websites and screen time.
MOE added its own device management app was not affected by the data breach as it is separate from Mobile Guardian’s user management portal and “remains safe for use”.
“There is no evidence of unauthorised access into the MOE DMA. Parents whose students use the iPad or Chromebook can continue to use the DMA as usual,” it said.
The ministry as well as the schools involved will notify all affected parents and teachers about the data breach incident.
They are also advised to remain vigilant of any phishing emails that may be sent to them, MOE added.
The ministry said it has expressed its concerns to Mobile Guardian and a police report has been lodged.
In response to the incident, Mobile Guardian has implemented further security measures, such as locking down all administrative accounts.
The mobile device management software company is also working with information technology security experts to determine how the data breach occurred.
Mobile Guardian was appointed as MOE’s official mobile device management services vendor in November 2020.
CNA has contacted the ministry, the Personal Data Protection Commission (PDPC) and Mobile Guardian for more information.
