US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak

Every year, hundreds of millions of files, personal records, and documents are accidentally exposed online.
Owners of dating apps, colossal marketing databases, and even a spy agency have published information to the web by leaving it in unsecured databases.
The regularity with which these leaks happen doesn't make them any less alarming-especially when the data is from thousands of schools.
Thousands of emergency planning documents from US schools-including their safety procedures for active shooter emergencies-were leaked in a trove of more than 4 million records that were inadvertently made public.
Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies.
The firm provides software that allows schools to track student attendance, monitor visitors, and manage emergency situations.
Raptor says its software is used by more than 5,300 US school districts and 60,000 schools around the world.
The highly sensitive cache of documents included evacuation plans, with maps showing the routes students should take and where they should gather during emergencies; details of students who pose a threat on campus; medical records; court documents relating to restraining orders and family abuse; and the names and ID numbers of staff, students, and their parents or guardians.
The exposed records appeared in three unsecured web buckets-the incident wasn't a hack-and are dated from 2022 and 2023, Fowler says.
Most of the records appeared to be from schools based in the US. The security researcher reported the leaked files to Raptor Technologies in December, and the firm quickly made them inaccessible.
Around 75 percent of the exposed documents appeared to be threat reports, details of safety drills, or related to emergency procedures, Fowler says.
These files document how individual schools would respond in specific emergencies and the results of their test events.
There is no evidence to show the files were accessed by a malicious person; however, the details they include could potentially be exploited by someone planning to attack a school.
Among more than 20 scenarios, it includes sections on bomb threats, hostage situations, gunshots at or near the school, if a student has weapons, and abductions.
Floor plans for some schools in the files include arrows from each classroom showing evacuation routes that students and staff should take.
Questions on the drill document also include whether noise or talking could be heard from nearby rooms and whether anyone answered the door when it was locked.


This Cyber News was published on www.wired.com. Publication date: Thu, 11 Jan 2024 12:43:04 +0000


Cyber News related to US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak

US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak - Every year, hundreds of millions of files, personal records, and documents are accidentally exposed online. Owners of dating apps, colossal marketing databases, and even a spy agency have published information to the web by leaving it in unsecured ...
1 year ago Wired.com
CISA and Fauquier County Hold K-12 Active Shooter Exercise - NOKESVILLE, Va. - The Cybersecurity and Infrastructure Security Agency, in partnership with the Fauquier County Sheriff's Office, the Fauquier County Fire Rescue System, and Fauquier County Public Schools, successfully conducted a full-scale active ...
9 months ago Cisa.gov
Data theft plaguing K-12 schools after holiday season attacks - Schools across the U.S. remain fertile targets for hackers, with a slate of K-12 entities contending with cyberattacks and data thefts following the holiday season. Since the start of the year, a handful of schools have reported data breaches ...
1 year ago Therecord.media
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
6 months ago Aws.amazon.com
School Wi-Fi Security Guidelines - When choosing a strong Wi-Fi password for your school network, it is crucial to follow proper guidelines to ensure maximum security. School network security heavily relies on robust Wi-Fi encryption and effective wireless network protection measures. ...
1 year ago Securityzap.com
CVE-2021-47465 - In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became ...
10 months ago Tenable.com
Inside America's School Internet Censorship Machine - When it was passed in 2000, CIPA was immediately challenged by the American Library Association and the ACLU, which argued in a series of lawsuits that that the law's web-filtering requirement placed unconstitutional restrictions on library patrons' ...
1 year ago Wired.com
Major Database Security Threats and How to Prevent Them | Tripwire - Cybercriminals can also attempt to seize control of the organization’s data management system, altering privileges so they can gain database access at any time. Data loss prevention (DLP) solutions can do a lot to prevent occurrences like ...
6 months ago Tripwire.com
Classes cancelled as 'sinister' school cyber-attacks rise - BBC. Cancelled lessons and snaking lunchtime queues are among the ways pupils are being affected by an increasing number of cyber attacks on schools. New figures from the Information Commissioner's Office show 347 cyber incidents were reported in the ...
11 months ago Bbc.com
Multiple colleges, K-12 schools facing outages after cyberattacks - Several K-12 schools, colleges and universities are dealing with significant technology outages due to cyberattacks this week. A spokesperson for North Carolina Central University told Recorded Future News that the school was alerted to a cyberattack ...
1 year ago Therecord.media
Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
1 year ago Feeds.dzone.com
Attempted extortion of UK school by ransomware group using confidential information about vulnerable children - On Thursday, the Vice Society ransomware group claimed to have stolen sensitive data from Guildford County School, the latest British educational institution to be victimized. Hundreds of files, believed to have been taken from the school on January ...
2 years ago Therecord.media
Apex Legends esports final delayed by hack claims - Apex Legends is a battle royale-style online multiplayer game launched as a competitor to Fortnite. The North American esports final of online shooter Apex Legends has been postponed following claims of hacking. Clips shared by players show unwanted ...
1 year ago Packetstormsecurity.com
Hackers email stolen student data to parents of Nevada school district - The Clark County School District in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack. CCSD is the fifth largest school district in the US, ...
1 year ago Bleepingcomputer.com
As SAT Goes Digital, Schools Must Prepare for Disruption - COMMENTARY. As technology continues to reshape every aspect of our lives, it is no surprise that even time-honored institutions like the Scholastic Aptitude Test are embracing the digital revolution. In 2024, the College Board, the organization ...
1 year ago Darkreading.com
Top 7 Database Security Best Practices - Whether you're managing sensitive customer information or intricate analytics, database security should be at the top of your priority list. This article dives deep into the top 7 database security best practices that will help you fortify your ...
10 months ago Securityboulevard.com
West Virginia students returning to class after days-long outage following cyberattack - Nearly 20,000 students in West Virginia were forced to miss classes on Monday due to a cyberattack that crippled their school. Berkeley County Schools said on Friday it was experiencing an internet and phone outage on Friday and spent the weekend ...
2 years ago Therecord.media
K-12 schools in Tucson, Nantucket respond to cyberattacks - Schools in Tucson, Arizona, and Nantucket, Massachusetts, are dealing with cyberattacks as U.S. schools continue to face a barrage of threats in the first weeks of 2023. A spokesperson from Tucson Unified School District told The Record that they ...
2 years ago Therecord.media
Clint Independent School District Increases Cloud Visibility For Improved Threat Detection - Clint ISD, a District of Innovation, knows how important cloud security and safety are for their community Background. After speaking to Chief Technology Officer Michael Tapia, you'd be hard-pressed to find another school district more committed to ...
1 year ago Securityboulevard.com
Pennsylvania's Scranton School District dealing with ransomware attack - Schools in Scranton, Pennsylvania, are dealing with a ransomware attack, the district confirmed in a Friday message to students. On Facebook, the Scranton School District warned that it is dealing with widespread technology outages as a result of the ...
1 year ago Therecord.media
Sellafield nuclear site hacked by groups linked to Russia and China - The UK's most hazardous nuclear site, Sellafield, has been hacked into by cyber groups closely linked to Russia and China, the Guardian can reveal. Sources said breaches were first detected as far back as 2015, when experts realised sleeper malware - ...
1 year ago Theguardian.com
A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay - After the security firm Mandiant had its X account compromised earlier this month, the US Securities and Exchange Commission dealt with a similar intrusion this week. Attackers wrested control of the agency's account for more than half an hour and ...
1 year ago Wired.com
Android game dev's Google Drive misconfig highlights cloud security risks - Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. The ...
1 year ago Bleepingcomputer.com
The 'Emergency Powers' Risk of a Second Trump Presidency - Donald Trump appears to dream of being an American authoritarian should he return to office. The former US president, who on Tuesday secured enough delegates to win the 2024 Republican nomination, plans to deport millions of undocumented immigrants ...
1 year ago Wired.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
11 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)