US technology company and Siemens subsidiary Brightly Software is notifying its customers that their personal information and credentials have been stolen by attackers who gained access to its SchoolDude online platform database.
SchoolDude is a cloud-based platform for work order management used by over 7,000 colleges, universities, and K-12 schools in school districts with up to 600,000 students.
The companies’ other SaaS solutions are used by more than 12,000 organizations worldwide, mostly in the US, Canada, UK and Australia.
“We at Brightly Software are writing to inform you of a recent security incident affecting an account you have on our SchoolDude app (schooldude.com), an online platform used by educational institutions to pass and keep track of maintenance work orders,” the affected Brightly said. SchoolDude users.
“The incident involved an unauthorized actor obtaining certain account information from SchoolDude’s user database.”
The company believes the threat actors stole customer account information, including names, email addresses, account passwords, phone numbers (if available), and district names school.
Brightly is also resetting passwords for all SchoolDude users, who will now have to choose a new password after clicking “Forgot Login or Password?” at login.schooldude.com.
“Because passwords were affected in this incident, we are writing to remind you of the importance of using a strong, unique password for every online account you manage,” the SaaS provider added.
“If you are currently using your SchoolDude password for another online account, we recommend that you promptly change your passwords on those other accounts.”
After detecting the incident, Brightly reported the breach to law enforcement authorities and engaged third-party security experts to investigate the attack.
BleepingComputer was unable to contact a Brightly spokesperson for further details regarding the attack (the email bounced back with a “550 invalid mailbox” error).