Personal Information of 1.3 Million K-12 Students Exposed in Data Breach

A file configuration error exposed personal data that may have included Social Security numbers

Personal Information of 1.3 Million K-12 Students Exposed in Data Breach
Image: Pixabay
May 4, 2017

A data breach at a company in California resulted in the exposure of 1.3 million students' personal information.

Schoolzilla is a student data warehouse platform that services K-12 schools. It announced the incident to its clients in an April 12 notice on its website: "A well-known computer security researcher was doing a targeted analysis of Schoolzilla when he uncovered a file configuration error."

Chris Vickery, a member of the Kromtech Security Research Team, found the breach in early April while searching the Internet for what he calls an "all too common" file configuration error in Amazon cloud storage devices.

The Schoolzilla device he found included a database containing personal data for more than one million students in the U.S., including some Social Security numbers. He deleted the database from his own computer when he realized the information belonged to minors.

"The sheer volume of private student data, including [test] scores and social security numbers for children, convinced me that it should be purged from my storage in an expedited fashion," he said.

According to Vickery, Schoolzilla fixed the problem and secured the students' information within 24 hours of his notice to the company.

"As soon as we learned of it," said a Schoolzilla representative, "we immediately fixed the error and confirmed no one accessed any information, other than the researcher."