Yesterday, Chum1ng0 spotted a forum listing that affects a regional office in the Illinois k-12 education system.
DataBreaches reached out to that regional office by email yesterday morning to alert them. Emails were sent to multiple people, including the Superintendent and head of IT. The emails provided them with specific information from the listing.
Did the regional district office acknowledge the alerts?
No, they did not.
Did the regional district office do anything in response to the alerts?
We have no idea.
And while the data or access didn’t appear to be the most sensitive, could someone gain access using the alleged district credentials and then escalate privileges?
Again, we do not know. But it sure would have been comforting to hear from the regional office that they received the alert and were looking into it or doing something in response to it.