Cyberattack knocks Mobile Guardian MDM offline and wipes thousands of student devices

A cyberattack on Mobile Guardian, a U.K.-based provider of educational device management software, has sparked outages at schools across the world and left thousands of students unable to access their files. 

Mobile Guardian acknowledged the cyberattack in a statement on its website, saying it identified “unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform.”

The company said the cyberattack “affected users globally,” including in North America, Europe and Singapore, and that the incident resulted in a portion of its userbase having their devices unenrolled from the platform and “wiped remotely.”

“Users are not currently able to log in to the Mobile Guardian Platform and students will experience restricted access on their devices,” the company said.

Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices, and the people who use them.

Singapore’s Ministry of Education, touted as a significant customer of Mobile Guardian on the company’s website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. 

“Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator,” the Singaporean education ministry said in a statement. 

The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.

TechCrunch has seen several posts on social media from U.S. school staff and students alike claiming that they are experiencing outages and unable to access their content. One post includes a photo of a pile of iPads on a desk in one Singaporean school’s IT department that have to be set-up as a result of the Mobile Guardian cyberattack. 

It’s not clear who, if anyone, at Mobile Guardian is responsible for cybersecurity. 

TechCrunch sent several questions to MobileGuardian chief executive Patrick Lawson about the incident, including whether the company has received any communication from the apparent threat actor, and if the company has reported the incident to the U.K. data protection watchdog, the ICO. 

MobileGuardian’s Lawson fixed a typo in the company’s statement that we pointed out in our email requesting comment, but did not respond to our multiple inquiries.

Do you know more about the Mobile Guardian cyberattack? Are you affected? Get in touch. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849, or by email. You can send files and documents via SecureDrop.