DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data allegedly from “Georgia Board of Education” up for sale on a forum?

Posted on June 20, 2022 by Dissent
Some data allegedly from the Georgia Board of Education was offered for sale on a hacking-related forum last week. But were they really from the state board of education? After DataBreaches started asking questions, the listing seems to have been removed.
Data allegedly from Georgia Board of Education posted for sale. Redactions in blue color by seller. Other redactions by DataBreaches.net.

Last week, DataBreaches.net spotted a listing on a hacking-related forum that offered what was described as the personal information of students, parents, and employees from the “Georgia (USA) Board of Education.” The seller, a new member of the forum, claimed to have some employee data that included 156 rows with employees’ Social Security numbers and phone numbers. They also claimed to have student login data with names, email addresses, usernames and passwords, as well as yet other data with parental contact information.

Are These Data Really From a State Database?

Inspection of the sample data posted by the seller failed to reveal any data that actually pointed to the Georgia Department of Education (GaDOE) or the Georgia Board of Education (GaBOE).

In the screencaps provided by the seller as a sample, the only email addresses provided relate to hcbe.net, which is the Houston County Board of Education (HCBE) in Perry, Georgia.

When a  forum member asked for more information about the amount of data, the seller responded that there were 5,166 lines in the Student Contact Information and 1,962 lines in the student login information data. That is not a lot of data for what is allegedly a state database. It is not even a lot of data for a county database or a single school’s database if compiled over years. The listing offered no explanation for why there was so little data offered for sale.

Using Google, DataBreaches was able to confirm that there are (or were) HCBE employees with the names listed in the employee screencap, although DataBreaches has not yet been able to confirm whether those are current employees or past employees. DataBreaches was also able to find adults in that area whose names matched the names of adults listed as parent contacts for students.

When contacted by DataBreaches with questions as to whether the data were really from the state or from HCBE and whether the data were recently hacked or scraped, the seller declined to answer questions about where the data came from and would only say that the data had been acquired “recently.”  Follow-up questions also produced no new answers, and the seller indicated none would be forthcoming.

Contacting the State and County

On June 16, DataBreaches reached out to HCBE via email and phone calls to their Superintendent’s Office and IT department. In addition to a detailed email and a detailed voicemail pointing IT to the email and leaving this site’s contact information, DataBreaches spoke to the Superintendent’s assistant, who seemed to understand the importance of the call.

HCBE did not reply to the calls or the email, though. Nor did they reply to a second email sent on June 17.

On June 18, DataBreaches sent an email to the Georgia Department of Education to ask Nicholas Handville, their Chief Data and Privacy Officer​​ for Technology Services,​ whether the state DoE had recently had any breach or data security incident.

No reply from the GaDOE has been received.

On June 19, DataBreaches sent an email to the Georgia Board of Education to ask them if the GaBOE had recently had any breach or data security incident.

No reply has been received.

At this point, then, the data may be real but nothing was confirmed by the state or county and the source of any data also remains unconfirmed.

Update: And Then It Was Gone?

At last check this morning, the listing appears to have been totally removed from the forum.  Did this site’s questions make the seller nervous or re-think their listing?  DataBreaches has no idea, but if the state or county ever get in touch, DataBreaches will provide them with copies of the screencaps as originally posted by the seller.

Update of June 21:  DataBreaches received an acknowledgement and thanks from the HCBE webmaster account who says the information had been passed along to their IT department to investigate.

Related posts:

  • The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.
  • Confused about the drama with the new BreachForums? Reading this will either help you or make your head spin.
Category: Breach IncidentsEducation SectorU.S.

Post navigation

← Indian government issues confidential infosec guidance to staff – who leak it
Voicemail phishing emails steal Microsoft credentials →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.