On September 21, the Mount Diablo Unified District notified parents of a breach involving the SchoolMessenger app by Intrado. Their letter explains that on September 14, 2020, the district was informed that
“when certain parents were using the SchoolMessenger mobile application, they were able to view a list of roughly thirty (30) unique names, emails, and phone numbers not associated with their family. “
After verifying the problem, the district contacted Intrado,
the parent company for SchoolMessenger, to shut down all parent access to the SchoolMessenger application.
Intrado’s investigation revealed that they had made a coding error, and that due to their coding error, “the SchoolMessenger application randomly disclosed other parent’s and student’s contact information (names, email, and phone numbers) to parents accessing their application.”
Did this Intrado coding error affect all of their SchoolMessenger clients? When did it occur? DataBreaches.net sent an inquiry to Intrado, but has received no reply as yet. This post will be updated if a reply is received.