A K12.com database containing almost 7 million student records was left open so that anyone with an internet connection could access it, says a news report.
The incident was discovered by Comparitech and security researcher Bob Diachenko. The report says the information leaked included:
- Primary personal email address
- Full name
- Gender
- Age
- Birthdate
- School name
- Authentication keys for accessing ALS accounts and presentations
- Other internal data
"While the 7 million is accurate, it’s really (user) clicks,” said Mike Kraft, a spokesman for K12.com, in another news report. “Really, 19,000 students is sizing it better and in California, it’s about 800 students. In California, it’s not the virtual academies that we support.”
According to Kraft, only 5 percent of the students whose records were exposed had checked into K12.com websites since 2017. “In the midst of moving it to a new set of servers, this exposure occurred,” Kraft said. “Any data getting out there is not good, (but) this data is more than two to three years old. Most of these students are still not students any more. None of it is good, but not as bad as other situations that have occurred," he said.
The report syas K12.com reached out to all of the affected schools when it learned of the leak. “In fact, the law says we didn’t even have to do that,” Kraft noted.