Cybersecurity Company Discovers Vulnerability in Edulog’s Platform, Allowing Bad Actors to Access Student Location Info | Console and Associates, P.C. | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

On December 13, 2023, Tenable, a leading cybersecurity firm, announced that it discovered a vulnerability in a school-tracking app created by Education Logistics, Inc., d/b/a/ Edulog (“Edulog”). In this notice, Tenable explains that the incident resulted in an unauthorized party being able to access data regarding students, their schools, parents, bus routes, GPS information, and proximity to given bus stops.

If you received a data breach notification from Edulog or believe that your child’s information was leaked as a result of the Edulog data breach, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Edulog data breach. For more information, please see our recent piece on the topic here.

How Did Edulog Leak Student Information?

The Edulog data breach was only recently announced, and more information is expected in the near future. However, Tenable published a report regarding its findings. According to this source, Edulog typically requires users to create a login with a code that is provided by their child’s school. However, Tenable discovered that student information was accessible to those who created a free account (without a login code provided by the school). Thus, anyone who wanted to could have created a free Edulog account and accessed sensitive information about students provided they had knowledge of the vulnerability.

In fact, to verify its discovery, Tenable researchers registered for an account and accessed large amounts of potentially sensitive information without the need for any sort of verification or registration code.

Edulog has not yet notified parents about the vulnerability, and it does not appear as though the company intends to provide notification in the future. In fact, when Tenable asked Edulog if it planned to notify consumers and affected parties about the vulnerability, Edulog responded that it had no plans to do so.

More Information About Edulog

Education Logistics, Inc., better known as Edulog, is a software company and app developer based out of Missoula, Montana. Edulog creates software for school districts that allows administration and parents to track school bus locations. Edulog also provides route-planning software and created a parent portal for parents to obtain real-time access to the location of their child’s school bus. Edulog employs more than 121 people and generates approximately $22 million in annual revenue.


Click Here For The Original Source.

National Cyber Security