I received an email brief from K12 Six reporting on a data leak that was reported by Wired (1/11/24) - US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak.
The leak appears to be impacting schools using the Raptor Link and/or Visitor Management systems.
Some of the key points that they discussed on their member webinar were:
- "Thousands" of emergency planning documents from US schools-including their safety procedures
for active shooter emergencies-were leaked in an 800 GB trove of more than 4 million records from
2022-23 that were inadvertently made public, including:
- evacuation plans, with maps showing the routes students should take and where they should gather during
emergencies;
- details of students who pose a threat on campus;
- medical records;
- court documents relating to restraining orders and family abuse; and
- the names and ID numbers of staff, students, and their parents or guardians
The sources of the leak appear to be from 3 unsecured cloud storage buckets - Azure. The leaks appear to have been active since November. The data would have had to be uploaded by the schools.
I know that many school use this system for various reasons within their schools and want to make sure that everyone is aware of the issue and has an opportunity to inverstigate.
#CybersafetyandDataSecurity
{editied - 1/12/2024 @ 2:00pm}
From K12 Six
UPDATE #2 (1/12 @ 12:25pm): The media is picking up on this incident and drawing further attention to it.
------------------------------
William Stites
Montclair Kimberley Academy
Montclair NJ
------------------------------