Active Network, which provides web-based school management software for K-12 schools and districts, announced last week that it had suffered a major security breach.
The hackers gained access to Blue Bear, cloud-based school accounting software customized especially for K-12 schools and districts to help manage and simplify schools’ activity fund accounting.
According to Active Network’s data breach notice, parents who accessed the Blue Bear-based web store to pay school fees or buy books and other material between October 1, 2019, and November 13, 2019, might have had their personal data stolen.
Exposed data include name, store username and password, payment card number, payment card expiration date, and payment card security code.
“We recently identified suspicious activity on the Blue Bear platform. Our investigation determined the activity related to Blue Bear
“While we are unable to determine with certainty whether your personal information was affected, the personal information involved may have included: name, credit card or debit card number ending in <>, expiration date and security code (the three or four-digit value included on the front or back of payment cards and used for verification of certain transactions), and Blue Bear account usernames and passwords. This incident did not involve unauthorized access to Social Security numbers, driver license numbers, or similar government ID card numbers.”
The company reported the issue to the California Attorney General’s office and launched an investigation with the help of a leading cybersecurity firm. The Abington Cole and Ellery law firm
Based on the information disclosed by Active Network, the attackers were able to compromise the platform and plant a software skimmer designed to collect users’ payment card data while they were finalizing their purchases through Blue Bear software.
In October 2019, the Federal Bureau of Investigation (FBI) released an alert
E-skimming attacks were first observed in the wild in 2016, and their number has rapidly increased since then. In recent years, numerous attacks involving software skimmers have been carried out by threat actors under the Magecart umbrella.
Attackers have used various techniques over time to carry out e-skimming attacks, such as exploiting flaws in the e-commerce platform (e.g. Magento, OpenCart). In other attacks, hackers have compromised plugins used by e-commerce platforms in a classic supply chain attack or have injected software skimmers inside a company’s poorly protected cloud hosting account.
Another attack scenario sees hackers targeting the administrators of the platform with social engineering attacks in an attempt to obtain their credentials and use them to plant the malicious code in the e-store.
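As an added illustration (not from the original article or from Active Network), one defensive check against a skimmer planted on a checkout page is to audit every `<script>` on the page against a reviewed list: third-party scripts must come from an approved host and carry an SRI `integrity` attribute, and inline scripts must match a known hash. The store URL, the approved host, the sample page and the baseline below are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptAudit(HTMLParser):
    def __init__(self, page_url, allowed_hosts, inline_baseline):
        super().__init__()
        self.page_url, self.page_host = page_url, urlsplit(page_url).hostname
        self.allowed_hosts, self.inline_baseline = allowed_hosts, inline_baseline
        self.findings, self._inline = [], None  # _inline buffers inline script text
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            self._inline = []
            return
        host = urlsplit(urljoin(self.page_url, src)).hostname
        if host == self.page_host:
            return  # first-party file: cover it with file-integrity monitoring
        if host not in self.allowed_hosts:
            self.findings.append(("unapproved-origin", src))
        elif not attrs.get("integrity"):
            self.findings.append(("missing-sri", src))  # content could change unseen
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            digest = hashlib.sha256(body.encode()).hexdigest()
            if body and digest not in self.inline_baseline:
                self.findings.append(("unknown-inline", digest[:12]))
            self._inline = None

def audit(html, page_url, allowed_hosts, inline_baseline):
    parser = ScriptAudit(page_url, allowed_hosts, inline_baseline)
    parser.feed(html)
    return parser.findings

SAMPLE = """<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.payments.example/ui.js"></script>
<script src="https://stats-collect.example/a.js"></script>
<script>window.storeId = 42;</script>
<script>/* constructed: inline code nobody reviewed */</script>"""
BASELINE = {hashlib.sha256(b"window.storeId = 42;").hexdigest()}  # constructed sample data
FINDINGS = audit(SAMPLE, "https://store.example/checkout", {"cdn.payments.example"}, BASELINE)
```

Run against the rendered checkout page on a schedule, any new finding is a change to investigate; a Content-Security-Policy restricting script sources enforces the same allowlist in the browser.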
According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.
Active Network announced that it has taken steps to enhance its monitoring tools and security controls. The company is also offering users free identity monitoring services.
An Active Network spokesperson could not be immediately reached over the weekend for additional insights and comments.
(SecurityAffairs – Active Network, data breach)