One-sentence summary:
Brightly Software, a child company of Siemens, via their SchoolDude platform, was breached in March 2023, affecting almost 3 million accounts.
Who was involved?
Brightly Software, Inc. (a subsidiary of Siemens), SchoolDude, 2,964,292 SchoolDude accounts, and a threat actor.
What was the timeline?
April 20, 2023: Breach starts
April 28, 2023: Brightly detects the breach
May 11, 2023: Brightly begins consumer notification
What occurred?
Brightly Software’s SchoolDude user database was breached in April 2023, resulting in the potential disclosure of the following information for over 2,964,292 SchoolDude accounts: “name, email address, account password, phone number (if added to the account), school district name” (Brightly Software, 2023, p. 1; Welling, 2023).
Estimated costs:
Associated incident response costs, breach notification costs, “industry-leading security experts”
Involved laws:
State: Maine: 10 M.R.S.A. § 1346
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Brightly Software. (2023). Incident Email_User_5.11.2023_Redacted.pdf. In Data Breach Notifications. Office of the Maine Attorney General. Retrieved May 14, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/5da35692-18a7-4cdf-acbe-5fe1a955e406.shtml
Brightly Software (thevpn guru). (2023, May). Brightly-Software-Data-Breach.jpeg. thevpn.guru. https://thevpn.guru/wp-content/uploads/2023/05/Brightly-Software-Data-Breach.jpeg
Welling, M. (2023). Data Breach Notifications. In Privacy, Identity Theft and Data Security Breaches. Office of the Maine Attorney General. Retrieved May 14, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/5da35692-18a7-4cdf-acbe-5fe1a955e406.shtml