Chan Chun Sing: MOE takes legal action against contractors over Mobile Guardian cybersecurity breach
The Ministry of Education has initiated legal action against contractors following a Mobile Guardian cybersecurity breach in August, Minister Chan Chun Sing informed Parliament on 10 September. MOE has removed Mobile Guardian, upgraded its cybersecurity measures, and is working on a new device management solution, set to be implemented by January next year.
SINGAPORE: The Ministry of Education has initiated legal action against relevant contractors following a cyberattack on Mobile Guardian that impacted 13,000 users across 26 secondary schools.
Minister for Education Chan Chun Sing reported in Parliament on 10 September that approximately one in six of the affected users experienced some data loss due to the breach of the device management app.
Mr Chan addressed questions from Members of Parliament regarding MOE's measures to prevent future incidents and the support provided to students.
In response to the cyberattack, Mobile Guardian was removed from all iPads and Chromebooks the day after the breach. MOE has mandated that its IT service providers maintain stringent cybersecurity standards.
Forensic investigations conducted by MOE, GovTech, and the Cyber Security Agency of Singapore (CSA) revealed a new vulnerability in Mobile Guardian's system that could facilitate further attacks.
Consequently, MOE has decided to discontinue the use of Mobile Guardian for all personal learning devices and is exploring alternatives for a new device management app, with plans to roll out the new solution by January next year.
Minister Chan also expressed gratitude to the vigilant member of the public who reported the potential vulnerability.
In April, a data breach occurred due to poor password management at Mobile Guardian, which allowed unauthorized access. MOE required Mobile Guardian to secure admin accounts and conduct a forensic investigation, leading to security enhancements that were deployed by May 31.
In July, a misconfiguration error by a Mobile Guardian engineer caused connectivity issues with personal learning devices (PLDs), which was resolved through an online update.
However, the cyberattack on August 4 resulted in the remote wiping of 13,000 personal learning devices, representing about 8 percent of devices used by the secondary school population.
Minister Chan emphasised that despite these challenges, technology remains a valuable tool in education and will continue to be embraced to enhance learning experiences.
