Exploit: Unauthorized database access
Active Network: Educational software developer

Risk to Small Business: 1.888 = Severe: Hackers infiltrated Active Network’s IT infrastructure and gained access to customers’ personally identifiable information. Bad actors had access to the network between November 1, 2019 and November 13, 2019, but the company didn’t identify the breach until December. The breach is limited to the Active Network’s Blue Bear software platform used by public K-12 schools. This incident is an irrevocable stain on a company operating in an industry that demands data privacy as a prerequisite for doing business, meaning this breach could have significant negative consequences for their business in the future.

Individual Risk: 2.287 = Severe: Hackers accessed users names, payment card expiration dates and security codes, and Blue Bear account usernames and passwords. However, Social Security numbers, driver’s license numbers, and government ID numbers were not included in the breach. Every Blue Bear user should reset their account passwords, and those impacted by the breach should notify their financial institutions of the event. Active Network is offering free identity monitoring services to victims and enrolling in this service can help ensure that their personal information isn’t misused now or in the future.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:Brand reputation is a cherished and hard-earned standard that can quickly erode when a data breach strikes. With more consumers demanding a track record of high data security standards before doing business with a company, organizations have every incentive to build their reputation on the bedrock of strong data security procedures. Simply put, to remain competitive in today’s digital environment, businesses can’t just talk about data security, they actually have to protect customers’ information.

Source: https://www.scmagazine.com/home/security-news/data-breach/school-software-vendor-active-network-suffers-data-breach/

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.