DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rostering, Provisioning, Owning Your Stack, and Transparency: a Look at Lewis Palmer

Posted on May 28, 2016 by Dissent

The Lewis Palmer School District data security vulnerability and breach continues to concern parents, and I had updated my original post with some observations by Bill Fitzgerald. Now Bill has written his own post on the situation. Giving myself unbridled permission to quote liberally from his thoughtful write-up, here’s part of it:

At the 5/19 school board meeting, a parent shared her experience speaking with the district IT staff. In her public comments, she shared talking with school officials in the fall of 2015 about some of her concerns. The testimony begins at the 53:40 mark of the video. In her testimony, it appears like the student’s login id to Google Apps is the same as their student ID. Therefore, based on how Google Apps works, student emails would also be student IDs, thus ensuring that kids in a class know everyones login ID.

I’m concerned that children are having to log into GAFE with their student ID numbers. And I was told that is just the way it is.

At this point, it’s worth noting that just knowing someone’s login ID is not sufficient to gain access. If, however, passwords were known, then that is a serious privacy issue.

And, it appears that the Lewis Palmer School District used birthdays as passwords, and announced this online from at least September 24, 2013 to March 14, 2016.

Read more on FunnyMonkey.

To be clear, Bill is hypothesizing as to what might have happened and how it happened, but his analysis makes sense. What doesn’t make sense is why the district didn’t address the issue.  Yes, it’s time-consuming and inconvenient to re-assign credentials, but given the risks of not doing this properly, and the amount of sensitive information that could be obtained by a curious peer or parent, the situation demanded an effective response. Allowing the situation to continue with the vulnerability strikes me as wildly inconsistent with any claims to care about privacy and data security.

 

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Education SectorOtherU.S.

Post navigation

← AU: Recruitment agency accused of dumping thousands of documents containing jobseeker’s confidential data in a skip bin outside recently closed store
NY: Holley Central School District investigates possible hacking →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE
  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.