Aeries software recently announced a data breach. I didn’t see it, but a reader kindly stuck it under my cybernose today so that i could portion it with you. The software firm’s observation of April 27 applies to hosted customers of their Aeries Student info System. From their notice: What Happened? in late november 2019, Aeries Software became aware of unauthorized attempts to access data through the Aeries SIS. in response, we immediately began an investigation into whether these attempts had been successful and, if so, how they had been accomplished, what impact, if any, they may have had on data, and what steps we could take to thwart future unauthorized access to data through the Aeries SIS using the same or similar means. At the time, internal investigation did not reveal any compromise of the Aeries SIS or data. Nevertheless, Aeries Software deployed a series of security patches in the December 20, 2019 version of the Aeries sis which addressed the results of our internal investigation. Then, in late January 2020, we were informed by a locally hosted district that their database may have been previously subject to unauthorized access, they had informed local authorities, and a criminal investigation was underway. We now understand that the investigation by the authorities is ongoing and we are working closely with local law enforcement and federal authorities as well as the district to regulate what transpired, by whom it was perpetrated, and what impact, if any, it may have had on data. In working with the district and law enforcement officials, in mar 2020 we were able to expand our earlier investigation with the new info as to the methods used by the individuals who had accessed data without authorization. Specifically, we determined that the unauthorized access had included parent and Student Login information, physical residence addresses, emails, and password hashes. With access to a password hash, weak, common or simple passwords, canful be deconstructed to gain unauthorized access to parent and Student Accounts. According to the results of our investigation, there is evidence to suggest that your database in our Hosted environment may have been one of 166 databases topic to unauthorized access on or about november 4th, 2019. However, we understand the perpetrators experience been taken into detention and the unauthorized access has been terminated. i cannot find any news reporting of any check and emailed Aeries to inquire whether they had any additional info on the perpetrators or arrest, but there was no immediate response to inquiries. This post will be updated if a reception is received. What information Was Involved? at the moment, our investigation has revealed pupil Permanent IDs, parent and pupil Login information, physical addresses, emails, and passwords hashes may have been subject to unauthorized access. For more information from Aeries including recommended steps to protect information, check their full notice.