DATA BREACH: School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online
Syndicated By: Iain Fraser - Cybersecurity Journalist Gibraltar
28th July 2023
School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS).
In my many years as a security researcher, I have seen everything from millions of credit card numbers and health records, to internal documents from organizations of all sizes. However, this discovery is among the most sensitive data collections I have ever encountered. The database contained a diverse collection of sensitive records that, when exposed, could unlock a wide range of potential risks. The files included multiple types of student and teacher records, health information, teacher background checks and social security numbers (SSN), active shooter and lockdown notifications, maps of schools, financial budgets, and much more. The documents ranged in date from 2012-2023.
One of the most interesting things I saw was third-party security reports marked as confidential that reviewed weaknesses in school security, locations of cameras, access and entry points, and more. These documents could pose a potentially serious real world security risk to the safety of students and teachers. I immediately sent a responsible disclosure notice to SAIS and received a reply thanking me for the notification and promising that they would take action. The database was quickly secured from public access. Learn More /...
0 Comments :
Post a Comment
Note: only a member of this blog may post a comment.