Cybersecurity researcher Jeremiah Fowler uncovered a significant data breach involving the exposure of an estimated 4 million records, containing sensitive school safety information and personally identifiable information (PII) of students, parents, and school staff.
The breach initially reported to vpnMentor, involved a non-password-protected database housed in three separate cloud storage buckets.
The exposed documents, totaling 4,024,001 records, belonged to Raptor Technologies, a Texas-based school security company. Fowler’s responsible disclosure prompted swift action from the company, securing the database and restricting public access the following day. The duration of the exposure remains unknown, raising concerns about potential malicious access.
Among the compromised data were school incident response plans, layouts of schools or classrooms, background check system details, documents related to at-risk students, court-ordered protection orders, and monthly drills’ documentation. Raptor Technologies, known for its school safety software and services, serves over 60,000 schools worldwide, potentially impacting nearly 40% of American schools.
Fowler detailed the breakdown of records within the exposed storage repositories, highlighting the extensive nature of the breach across production, staging, and testing environments. The breached information encompassed internal details critical to the functioning of Raptor Technologies’ systems.
The exposed data poses hypothetical risks, as Fowler discussed potential consequences if accessed by malicious actors. Examples include the misuse of court records for identity theft, exploitation of health records for fraud, embarrassment or stigmatization of students through incident reports, and the exploitation of detailed school maps for malicious purposes.
