Experts have uncovered a significant data breach involving a non-password-protected database containing more than four million records, totalling around 827GB, concerning private school data.
Cybersecurity researcher Jeremiah Fowler said the breach at Texas-based school security company Raptor Technologies includes sensitive school safety records and personally identifiable information relating to students, parents, and staff.
While reviewing a sample of the documents, Fowler discovered school layouts, information about malfunctioning cameras and security gaps, background checks, student health information, court-ordered protection orders, and more.
School data breach
Raptor Technologies has since taken action to secure the files, but how long they were leaked for and whether anybody else had gained access to them remains unconfirmed.
Fowler outlined hypothetical scenarios of misuse, emphasizing the huge risks associated with the exposed information that could prove to be seriously harmful to those involved, including schoolchildren and minors.
The report cites National Center for Education Statistics records, revealing that 276 elementary and secondary school casualties and 157 postsecondary school casualties had been documented between 2000 and 2021 in active shooter incidents.
Keen to stress that the schools involved in the breach are not necessarily at any immediate risk, these figures paint a bleak picture of the potential implications of such a data breach.
Fowler also noted that the revelation does not imply active exploitation (which remains unconfirmed, but unlikely). Rather, that stronger security measures and awareness of the vulnerabilities that such data exposures can present are his aim.
He adds: “I imply no wrongdoing or neglect by Raptor Technologies. I also do not imply that there are any threats or risks to the schools, students, or staff. Our goal is to inform and raise awareness about potential vulnerabilities for the benefit of better data protection measures and security practices.”
Raptor Technologies Chief Marketing Officer David Rogers told TechRadar Pro in an email: "We care deeply about the safety and wellbeing of children and all those community members our customers serve, which is exactly why we took prompt action when made aware by a cybersecurity researcher of an issue involving certain cloud-hosted data repositories. We secured the data repositories in question and communicated with our customers."
Rogers added: "Importantly, we have no evidence that there has been any misuse of the information stored in these data repositories. We are committed to safeguarding our customers’ information and their trust in line with our mission to protect every child, every school, every day."
More from TechRadar Pro
- Boost your cybersecurity with the best endpoint protection software and best firewalls
- Major data breach leaks highly sensitive donor records of multiple charities
- These are the best cloud storage providers to keep your data off-prem
