DataBreaches did not mention this publicly sooner because Kido was already under great pressure due to the breach involving children’s personal information and photos. But now that many people are feeling some relief that the hackers have supposedly deleted all the data and won’t be calling parents any more, DataBreaches can reveal that on Monday, this site contacted Kido to alert them to a data leak that a researcher had discovered and reported to DataBreaches that morning. He had discovered the leak because he decided to research Kido after reading about the horrific breach they were dealing with.
The leak did not involve information on children, but it involved more than 600 resumes/cvs of either employees or job applicants, with all of the personal information that one normally finds in a resume or cv.
Many of the cvs were for the Amelio school, which is a Kido school in India. The other cvs were for kidoschools.com.
On Tuesday, a spokesperson for Kido emailed DataBreaches to thank this site and to confirm that the data had been locked down.
Whether this needs to result in notification to individuals will likely depend on whatever they find when they check their access logs, but since it looks like the exposed bucket had been listed on Grayhatwarfare, it may have been explored or accessed by others.