Names & Email Addresses of Parents & Staff from 127 MOE Schools Leaked After App Managing Students’ Devices Hacked

We can never be too sure about our data. What happens when our email is hacked? Suddenly you can’t access your accounts, suddenly you’re receiving notifications from shady sites or worse, you’re receiving blackmail.

Thankfully, “no sensitive data (was) compromised” according to the Ministry of Education (MOE) on Friday (19 Apr) in a data leak of 127 parents and school staff, and no children were harmed.

The Mobile Guardian App

Do you look back fondly to the old times when your biggest enemy on your journey to school is a really heavy backpack? Many shoulders of older GenZs and millennials have since taken on a different shape thanks to the heavy textbooks we used to lug to school.

Students today now bear the burden of bringing around a weighty laptop to school, with more educational resources being digitalised and learning taking place on what MOE calls a “personal learning device”.

The Mobile Guardian is a user management portal and its app, when installed in the personal learning device, allows parents and teachers to manage the students’ screen time, app downloads and website access, thereby preventing them from using their shiny laptops to play games (or do other, not so good things).

The Mobile Guardian works hand-in-hand with MOE to ensure digitalised learning can take place safely, but this hiccup has made everyone wary.

127 Email Addresses and Names Leaked

In a statement on MOE’s website, MOE confirmed that Mobile Guardian was compromised due to “unauthorised access” by an unknown hacker. This led to the leak of names and email addresses of parents and school staff from five primary schools and 122 secondary schools.

How to know if you’re affected? MOE said that parents who are not affected will not receive an email from MOE alerting them of the leak.

According to The Straits Times, the directors of the MOE Digital Workspace for Schools and Learning Partnership in Educational Technology said that the information leaked includes parents’ first and last names, their email addresses, the school the students go to and their time zones.

Fortunately, schools that use other devices – not Chromebook laptops or Apple iPad tablets as students’ personalised learning devices, are not affected by the data leak.

MOE had also lodged a police report after Mobile Guardian notified them about the data breach and the leak on 17 Apr. Mobile Guardian is expected to conduct investigations into the cause of the data leak and have taken immediate action to secure its administrative accounts.

Affected Users Notified

As mentioned, affected parents and staff have been contacted by MOE regarding their leaked data. MOE added that affected persons should continue to be vigilant and look out for phishing and other potentially harmful emails that may be sent to them.

In response to CNA, the company said that the compromised account had “limited access” to clients’ data but they couldn’t delve too much into the situation for fear of further security concerns.

Still Safe to Use

Mobile Guardian also said to CNA that they have “identified and improved certain processes to further strengthen our security measures.”

MOE reassured that Mobile Guardian’s user management portal is separate from MOE’s Device Manage Application (DMA) and there is “no evidence of unauthorised access” into MOE’s DMA.

They encourage parents whose students use the iPad or Chromebook to continue as usual.

Protect Yourselves

With more of our personal data readily given up for our convenience – be it tracking game progress, monitoring your health or storing membership rewards for shopping, it’s important to not give away too much and have reliable protective systems in place.

Two years ago, 330,000 Starbucks customers in Singapore had their data compromised and it was sold for $3,500. In the same year, OG Department store experienced a detrimental data breach too.