Major data leak incident resulted into exposure of Students, Teachers, and School Staff members’ personal Information in the United States, the Caribbean and Latin America
04.08.2023Back to news
It was discovered that the Southern Association of Independent Schools, Inc (SAIS) database was non-password protected. SAIS is an organisation which supports schools of all types in the United States, the Caribbean and Latin America. On the corporate website, the SAIS is describedas "school's support system, heart home and strategic advisor", and it’s stated that it has over 390 member K-12 schools representing over 227,000 students.
The database, in question, contained over 680,000 records with a total size of 572.8 GB. The list of documents exposed is staggering:
- Student health information
- Teacher background checks
- Social Security Numbers (SSN)
- School maps
- Financial budgets and reports
- Tax records
- Teacher and staff salary information
- Third-party security reports and more.
The leaked documents of numerous formats, including PDF, Excel, PPTX, doc, docx, png, jpg, pages and others covered the period 2012-2023. Many of the documents also contained actual photographs of students, teachers and staff.
According to the incident report, the cybersecurity specialist who discovered the database immediately sent a responsible disclosure notice to SAIS. "The database was quickly secured from public access following the notification." - The report said.
School data leaks always have serious consequences. We have previously reported on the Dallas Schools Personal Data Leak that affected more than 22,000 staffers and 153,000 students from 230 schools. In the case of SAIS, however, it is not the sheer number of leaked records that is frightening, but rather the nature of the documents that have been exposed. Information from the database can be used by a wide range of fraudsters, what seriously endangers staff, students and teachers.
It is important for schools and educational institutions to take all necessary steps to mitigate the risks of such incidents, as they often keeplarge amounts of personal data. These steps include monitoring of data usage, implementing insider threat detection tools, taking preventative measures against cybercrime and complying with standards, regulations and legal requirements. Risk Monitor could be the perfect solution to this type of challenge. As educational institutions continue to embrace technology, they must remain vigilant and proactive in safeguarding their sensitive data to prevent similar incidents in the future.