Active Network, a company that designs accounting and management software for schools and districts across the United States, has suffered a security breach.
The company filed a report with the Office of California’s Attorney General, where it was revealed that its Blue Bear software platform was hacked in 2019. This led to a data leak of several customers’ personally identifiable information.
School management software provider discloses severe security breach https://t.co/dzbml4DfkZ
— ZDNet (@ZDNet) January 6, 2020
Possible Web Skimming Attack on Active Network
Per the report, the company explained that between October 1 and November 30, 2019, the Blue Bear platform hosted some illegal activity. The platform makes financial administration and management software for public k-12 schools and districts. As the company explained, parents who accessed the platform within this time frame to make purchases or payments could have had their information stolen.
These include customer names, credit card details, security codes, and the usernames and passwords used by these Blue Bear customers. Other information like driver’s license numbers, government ID card numbers were unaffected in the breach.
The company posited that the attack could have been a web skimming effort, based on the type of information collected. Web skimmers breach a network and plant malicious code in its infrastructure, thus stealing the information of all active users and sending them to the hackers in real-time.
“As soon as we identified the suspicious activity, our counsel engaged a leading cybersecurity firm to investigate the incident and took steps to enhance its monitoring tools and security controls. We are also offering you free identity monitoring services,” Active Network noted in the report.
Data Breaches Are Getting More Serious
The report of the hack is just the latest in a long line that is expected to increase as the year continues. Complete security on the Internet is fast becoming a myth these days, particularly for schools, as hackers are beginning to get more sophisticated in their attack methods.
— AT&T Cybersecurity (@attcyber) October 2, 2019
In 2019, data breach numbers took a significant upsurge. Over 500 schools in America were hit with ransomware attacks. Cybersecurity giant Norton also revealed a 54 percent increase in the number of breaches reported across the United States in the first half of the year compared to 2018, amounting to about 4 billion records exposed. With attackers becoming even more desperate, we could witness more attacks in 2020.
However, there are some upsides to expect, as well. On January 1, California’s Consumer Privacy Act (CCPA) came into effect, essentially putting customers’ data back into their control. The law, which is similar to the General Data Protection Regulation in Europe, ensures that consumers will have the right to know the information that companies have on them, a right to compel these companies to delete certain information, and the right to prevent the sale of such information. Tightening consumer protection laws might not be the cure-all that we expect, but they’re a proper place to start.
Images are courtesy of Twitter, Shutterstock, Pixabay.