IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Houston-Based School Security Company Says Leak Contained

Multiple media outlets reported a security breach at Raptor Technologies, which serves some 50,000 schools across the country.

Illustration of a computer circuit board with a closed lock in the middle.
Raptor Technologies, a Houston-based school safety software firm, inadvertently leaked a cache of more than 4 million records from school districts nationwide, including incident response plans and campus evacuation routes. The company quickly made the files inaccessible after a security researcher reported the leak last month.

Tarrant County school officials say their districts weren’t affected by the massive data leak at the school security company, according to the Fort Worth Star-Telegram, which reported on the incident last week.

The news outlet reported that cybersecurity researcher Jeremiah Fowler spotted the leak that included details about background check systems, security gaps and school layouts.

Writing for the cybersecurity company vpnMentor, Fowler said the breach could have real-world consequences if the wrong people accessed the information while it was public. Information about school security systems could help bad actors exploit gaps and vulnerabilities, he wrote.

Also exposed during the breach were court records like divorce and custody documents, health records documenting students’ medical conditions, and reports identifying students who were involved in incidents at school. Some of the information included in those documents could make students and their families vulnerable to fraud, Fowler wrote.

In late 2022, Raptor Technologies told Industry Insider — Texas that the company’s original visitor management system had grown in two decades to an integrated school safety software company that some 50,000 K-12 schools across the nation had chosen to address the aspects of campus safety and security.

The company explained during the interview that these records may become part of the system because school officials need to know who is responsible for child pickup, for example, while volunteers are vetted before being added to rosters. High-risk student behavior may also show up in the system after incident reporting.

Wired Magazine reported Thursday on the event and quoted David Rogers, Raptor’s chief marketing officer, as saying the company “immediately implemented remediation protocols” to secure exposed data once it was contacted and started an investigation into the issue.

“We have communicated with all Raptor customers … . There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he said, adding there was no reason to believe there has been misuse of the information.

According to the Star-Telegram, officials in the Fort Worth, Arlington, Crowley, Keller, Hurst-Euless-Bedford and Northwest independent school districts confirmed that they didn’t have sensitive information disclosed during the leak.

Spokespeople in several of those districts said they use Raptor’s systems to manage information like attendance, volunteer schedules and campus visitors, but don’t store sensitive information like student data, incident response plans or evacuation protocols there.