Overview
- The ministry, which disclosed the breach Tuesday, traced it to a hijacked staff account that exploited a flaw linked to EduConnect.
- Stolen information includes student names, EduConnect IDs, school, class, and emails when listed, along with activation codes for accounts that had not yet been set up.
- Activated EduConnect logins were not compromised, and officials reset all exposed activation codes and blocked accounts that were still unopened.
- Investigators found the attacker downloaded records beyond the first school targeted, and the total number of students affected is still being assessed.
- The government formed a crisis unit, suspended the affected tool, alerted ANSSI and the CNIL, filed a complaint, and began rolling out two-factor login, while warning families about phishing by email, text, or phone.