Active Network, a provider of web-based school accounting software for K-12 schools and districts, recently disclosed a critical security breach.
According to official notice, unknown intruders gained access to Active Network’s Blue Bear platform, a software that facilitates administration and management of school accounting, student fees, and online stores on behalf of schools and other educational institutions.
Active Network stated that the personal information of students or parents who accessed the school’s Blue Bear software between October 1, 2019, and November 13, 2019, might have affected in the incident.
It’s believed that hackers might have accessed users’ private data like name, payment card number, expiration date, security code, and Blue Bear account usernames and passwords. However, the company clarified that the incident didn’t affect users’ Social Security numbers, driver license numbers, or similar government ID card numbers.
Active Network is still investigating the issue and started notifying the affected parents and students.
“As soon as we identified the suspicious activity, our counsel engaged a leading cybersecurity firm to investigate the incident and took steps to enhance its monitoring tools and security controls. We are also offering you free identity monitoring services.,” Active Network said in a statement.
Security pros at Active Network opined that the incident appears to be a web skimming attack, where attackers planted malicious code in Active Network’s Blue Bear platform and collected users’ payment details while they were paying fees.
K-12 district schools have been a soft target for cybercriminals. To address the same, two U.S. Senators, Gary Peters (D-Mich.) and Rick Scott (R-Fla.), both members of the Senate’s National Security and Government Affairs Committee recently tabled a new bill: K-12 Cybersecurity Act.
The Act directs the DHS Cybersecurity and Infrastructure Security Agency (CISA) to first study the specific cybersecurity risks associated with K-12 educational institutions. Once the study is done, CISA will then be responsible to develop cybersecurity recommendations and set up online tools to help schools with their cybersecurity requirements.