This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

SkoolBag

Summary

SkoolBag, a widely-used school communication app operated by MOQdigital, was caught up in a global data breach in January 2019 that exposed the personal information of Australian parents, teachers, and school administrators. The platform, used by hundreds of schools across Australia to send newsletters, permission slips, and alerts to parents, had user credentials compromised in the breach. The incident raised serious concerns about the security of education technology platforms entrusted with children's information.

What Happened

Hacking. SkoolBag's user database was compromised as part of a broader global data breach known as "Collection #1", a massive trove of stolen credentials posted to hacking forums. The breach exposed email addresses, usernames, and passwords of SkoolBag users including parents, teachers, and school administrators. The platform provided schools with tools to communicate with parents through mobile apps and web portals, meaning the compromised accounts could potentially grant access to school communities and student-related information. Many Australian schools relied on SkoolBag as their primary digital communication channel with families.

Impact on Individuals

  • Parent Account Access: Attackers could potentially access school communications and student information
  • Password Reuse Risk: Parents who used the same password across multiple accounts faced account takeover threats
  • School Community Exposure: Information about school events, student activities, and family contacts compromised
  • Phishing Targeting: Email addresses linked to specific schools enabled targeted scam campaigns
  • Trust Erosion: Parents' confidence in school communication platforms undermined
  • Child Safety Concerns: Information about children's schools and activities potentially accessible to bad actors

The breach was particularly concerning because it involved an app that connected directly to children's education and school communities.

Response

MOQdigital, the owner of SkoolBag, immediately notified affected users and forced password resets across the platform. The company worked with cybersecurity experts to investigate the breach and determine the extent of data exposure. Schools using SkoolBag were advised to notify their parent communities about the breach and encourage them to update passwords not just for SkoolBag but for any other accounts where they had used the same credentials. MOQdigital implemented enhanced security measures including improved password hashing and monitoring systems. The incident prompted discussions within Australia's education sector about the security practices of third-party communication platforms and the need for stronger vendor security requirements before schools adopt new technologies. +++

Verification Source: View original statement