Tarrant County school officials say their districts weren’t affected by the massive data leak at the school security company, according to the Fort Worth Star-Telegram, which reported on the incident last week.
The news outlet reported that cybersecurity researcher Jeremiah Fowler spotted the leak that included details about background check systems, security gaps and school layouts.
Writing for the cybersecurity company vpnMentor, Fowler said the breach could have real-world consequences if the wrong people accessed the information while it was public. Information about school security systems could help bad actors exploit gaps and vulnerabilities, he wrote.
Also exposed during the breach were court records like divorce and custody documents, health records documenting students’ medical conditions, and reports identifying students who were involved in incidents at school. Some of the information included in those documents could make students and their families vulnerable to fraud, Fowler wrote.
In late 2022, Raptor Technologies told Industry Insider — Texas that the company’s original visitor management system had grown in two decades to an integrated school safety software company that some 50,000 K-12 schools across the nation had chosen to address the aspects of campus safety and security.
The company explained during the interview that these records may become part of the system because school officials need to know who is responsible for child pickup, for example, while volunteers are vetted before being added to rosters. High-risk student behavior may also show up in the system after incident reporting.
Wired Magazine reported Thursday on the event and quoted David Rogers, Raptor’s chief marketing officer, as saying the company “immediately implemented remediation protocols” to secure exposed data once it was contacted and started an investigation into the issue.
“We have communicated with all Raptor customers … . There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he said, adding there was no reason to believe there has been misuse of the information.
According to the Star-Telegram, officials in the Fort Worth, Arlington, Crowley, Keller, Hurst-Euless-Bedford and Northwest independent school districts confirmed that they didn’t have sensitive information disclosed during the leak.
Spokespeople in several of those districts said they use Raptor’s systems to manage information like attendance, volunteer schedules and campus visitors, but don’t store sensitive information like student data, incident response plans or evacuation protocols there.