School software breach reveals private data on millions of users

A computer screen showing a spreadsheet in use.
(Image credit: 123RF)

Experts have uncovered a significant data breach involving a non-password-protected database containing more than four million records, totalling around 827GB, concerning private school data.

Cybersecurity researcher Jeremiah Fowler said the breach at Texas-based school security company Raptor Technologies includes sensitive school safety records and personally identifiable information relating to students, parents, and staff.

While reviewing a sample of the documents, Fowler discovered school layouts, information about malfunctioning cameras and security gaps, background checks, student health information, court-ordered protection orders, and more.

Reader Offer: Save up to 68% on Aura identity theft protection

Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today. 

 Preferred partner (What does this mean?) 

School data breach

Raptor Technologies has since taken action to secure the files, but how long they were leaked for and whether anybody else had gained access to them remains unconfirmed.

Fowler outlined hypothetical scenarios of misuse, emphasizing the huge risks associated with the exposed information that could prove to be seriously harmful to those involved, including schoolchildren and minors.

The report cites National Center for Education Statistics records, revealing that 276 elementary and secondary school casualties and 157 postsecondary school casualties had been documented between 2000 and 2021 in active shooter incidents.

Keen to stress that the schools involved in the breach are not necessarily at any immediate risk, these figures paint a bleak picture of the potential implications of such a data breach.

Fowler also noted that the revelation does not imply active exploitation (which remains unconfirmed, but unlikely). Rather, that stronger security measures and awareness of the vulnerabilities that such data exposures can present are his aim.

He adds: “I imply no wrongdoing or neglect by Raptor Technologies. I also do not imply that there are any threats or risks to the schools, students, or staff. Our goal is to inform and raise awareness about potential vulnerabilities for the benefit of better data protection measures and security practices.”

Raptor Technologies Chief Marketing Officer David Rogers told TechRadar Pro in an email: "We care deeply about the safety and wellbeing of children and all those community members our customers serve, which is exactly why we took prompt action when made aware by a cybersecurity researcher of an issue involving certain cloud-hosted data repositories. We secured the data repositories in question and communicated with our customers."

Rogers added: "Importantly, we have no evidence that there has been any misuse of the information stored in these data repositories. We are committed to safeguarding our customers’ information and their trust in line with our mission to protect every child, every school, every day."

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!