Every year, hundreds of millions of files, personal records, and documents are accidentally exposed online.
Owners of dating apps, colossal marketing databases, and even a spy agency have published information to the web by leaving it in unsecured databases.
The regularity with which these leaks happen doesn't make them any less alarming-especially when the data is from thousands of schools.
Thousands of emergency planning documents from US schools-including their safety procedures for active shooter emergencies-were leaked in a trove of more than 4 million records that were inadvertently made public.
Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies.
The firm provides software that allows schools to track student attendance, monitor visitors, and manage emergency situations.
Raptor says its software is used by more than 5,300 US school districts and 60,000 schools around the world.
The highly sensitive cache of documents included evacuation plans, with maps showing the routes students should take and where they should gather during emergencies; details of students who pose a threat on campus; medical records; court documents relating to restraining orders and family abuse; and the names and ID numbers of staff, students, and their parents or guardians.
The exposed records appeared in three unsecured web buckets-the incident wasn't a hack-and are dated from 2022 and 2023, Fowler says.
Most of the records appeared to be from schools based in the US. The security researcher reported the leaked files to Raptor Technologies in December, and the firm quickly made them inaccessible.
Around 75 percent of the exposed documents appeared to be threat reports, details of safety drills, or related to emergency procedures, Fowler says.
These files document how individual schools would respond in specific emergencies and the results of their test events.
There is no evidence to show the files were accessed by a malicious person; however, the details they include could potentially be exploited by someone planning to attack a school.
Among more than 20 scenarios, it includes sections on bomb threats, hostage situations, gunshots at or near the school, if a student has weapons, and abductions.
Floor plans for some schools in the files include arrows from each classroom showing evacuation routes that students and staff should take.
Questions on the drill document also include whether noise or talking could be heard from nearby rooms and whether anyone answered the door when it was locked.
This Cyber News was published on www.wired.com. Publication date: Thu, 11 Jan 2024 12:43:04 +0000