A cyberattack on Mobile Guardian, a UK-based provider of educational device management software, caused system outages in schools around the world, leaving thousands of students unable to access their files.
Mobile Guardian confirmed the cyber attack in a statement on its website, saying it had confirmed “unauthorized access to iOS and ChromeOS devices registered on the Mobile Guardian platform.”
The company said the cyber attack “affected users around the world,” including in North America, Europe and Singapore, and that the incident led to an unspecified number of users' devices being deregistered from the platform and “remotely wiped.”
“Currently, users will be unable to log into the Mobile Guardian platform and students will have limited access to their devices,” the company said.
Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage the entire fleet of devices used by their employees and students.
Singapore's Ministry of Education, which has been touted on Mobile Guardian's website since 2020 as the company's main client, said in a statement overnight that thousands of student devices were remotely wiped during the cyber attack.
“Preliminary investigations indicate that the devices of approximately 13,000 students across 26 secondary schools in Singapore were remotely wiped by perpetrators,” Singapore's Ministry of Education said in a statement.
The department said it would remove the Mobile Guardian software from affected student devices, including iPads and Chromebooks.
TechCrunch has seen several social media posts from US school staff and students complaining of service outages and being unable to access content, with one post including a photo of iPads piled high on a desk in a Singapore school's IT department that needed to be set up as a result of the Mobile Guardian cyberattack, according to the poster.
Mobile Guardian has more than 2,500 school clients in over 50 countries around the world, according to a Singapore government report released in May following an earlier cybersecurity incident.
TechCrunch asked MobileGuardian CEO Patrick Lawson a few questions about the incident, including whether the company received any contact from the apparent threat and whether it reported the incident to the UK's data protection watchdog, the ICO, and whether Mobile Guardian has a head of cybersecurity.
MobileGuardian's Lawson corrected a typographical error in the company's statement that we pointed out in our email seeking comment, but did not respond to multiple inquiries from our company.
Want to know more about the Mobile Guardian cyberattack? Have you been a victim? Let us know. You can contact this reporter on Signal and WhatsApp (+1 646-755-8849) or by email. You can send us files and documents via SecureDrop.