DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Lower Merion School District says a data breach was caused by a computer glitch (1)

Posted on June 1, 2025June 2, 2025 by Dissent

DataBreaches cannot read “Lower Merion School District” without recalling the “Webcamgate” scandal of 2010, when the district was discovered monitoring students remotely in their bedrooms on district-issued MacBooks. At the time, they initially denied any misuse of remote access that was part of a security feature.

Now the district is back in local news in Pennsylvania. CBS Philadelphia reports:

The Lower Merion School District blamed a computer glitch after some confidential material was shared online. The district said it posted the information on a password-protected section of the website called BoardDocs. But people were still able to access the private documents. BoardDocs couldn’t say which documents were accessible, how long they were available or who may have seen them.

In other coverage, the district has reportedly removed all confidential docs from BoardDocs as a result of the incident.

But how was this a “computer glitch?” Is the district allegling that BoardDocs has or had a vulnerability? Or was this human error on the district’s part somehow?

DataBreaches emailed BoardDocs to ask about the alleged “computer glitch.” No reply was immediately provided, but DataBreaches will update this post when a reply is received.

Update 1: A fuller explanation of the breach involving BoardDocs was reported by The Philadelphia Inquirer.  Some details from that reporting:

  • The school district first learned of the breach on April 10, when it was contacted by a litigant in a legal proceeding unrelated to the breach.
  • The leaked documents included attorney-client privileged legal memos that discuss ongoing litigation, confidential employee information and issues involving students who are identified by their initials.
  • It remains unclear exactly how many internal Lower Merion documents were publicly accessible and for how long. The Inquirer obtained and reviewed a sample of confidential records from 2017 to 2024. Nor is it known whether the apparent bug could have impacted other school districts that use BoardDocs.

DataBreaches understands that Diligent, the company responsible for BoardDocs, has sent out letters to affected clients.  DataBreaches sent a second request to BoardDocs.

Category: Breach IncidentsEducation SectorExposureSubcontractorU.S.

Post navigation

← After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (1)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.