On Wednesday, November 24th, 2021 a vulnerability in the software made by Apache called Log4j was disclosed to Apache directly by a Chinese firm called the Alibaba Cloud Security Team. This vulnerability was first recorded publicly on November 26th 2021. On December 10th, 2021 this was published by the National Vulnerability Database as a critical0 issue, one of the most severe kinds. Immediately upon publication of this report, our security team performed a full audit of all of our technologies and resources. At this time we were not aware of any systems using Log4j exposed to the public. Our security team completed the full audit and concluded we do not have any public facing systems employing Log4j services. We did identify one internal resource used for storing our software code that may be vulnerable. This is not a resource publicly accessible, however as a precaution we disabled the network connectivity to this device until the manufacturer is able to provide further information and a patch. Since the initial report, 2 additional reports of vulnerabilities have emerged, which have now been addressed with patches and have been applied to our internal coding resources.
Question: Were any Manage1to1 systems compromised?
Answer: No. No public or private systems were exploited.
Question: Is my data at risk?
Answer: No. The security protocols implemented by our team at Overwatch Data Services has ensured that no Manage1t01 products have been exposed to this vulnerability (or subsequent ones) at the time of this writing.
Question: Why are you telling me this information?
Answer: It is important to Manage1to1 that while we were not affected, that our customers know we care about the safety of the students and their data. This includes taking extra precautions wherever possible and communication as necessary.