13,000 Devices Wiped by Mobile Guardian MDM Cyberattack

A recent cyberattack on Mobile Guardian, a UK-based provider of mobile device management (MDM) software, has left thousands of students worldwide without access to their school work and files. The attack, which occurred on August 4th, resulted in unauthorized access to iOS and ChromeOS devices, leading to a mass data wipe.

As reported by TechCrunch, the attack has had a particularly severe impact in Singapore, where the Ministry of Education reported that approximately 13,000 student devices were wiped across 26 secondary schools. The Ministry stated, “Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator.” This prompted the Ministry to discontinue the use of Mobile Guardian’s software across its fleet of devices.

The ramifications of this breach have been felt globally. Mobile Guardian, which serves over 2,500 schools in more than 50 countries, confirmed that the attack affected users in North America and Europe as well. In an official statement, the company acknowledged that a small percentage of iOS devices had been unenrolled from the Mobile Guardian platform and wiped, though it reassured that “there is no evidence to suggest that the perpetrator had access to users’ data.”

Following the breach, Mobile Guardian took its servers offline to prevent further damage and launched an investigation into the incident.

This attack is the latest in a string of issues for Mobile Guardian. Earlier this year, the company faced another security incident that exposed the names and email addresses of parents and school staff from 127 Singaporean schools. Additionally, just last week, a configuration error in Singapore prevented some students from accessing the internet on their devices, as noted by The Register.

The Singapore Ministry of Education, a significant client of Mobile Guardian since 2020, is now considering alternative ways to secure its devices while the company addresses its ongoing security challenges. In the meantime, the ministry has deployed additional IT teams to assist schools in managing the fallout from the cyberattack.

Unfortunately, this incident is not an isolated one; educational institutions have increasingly become targets for cyberattacks. For instance, the MOVEit breach last year compromised the data of New York City students, showcasing a troubling trend of attackers exploiting vulnerabilities in educational systems.