Raptor Technologies

Summary

School software vendor Raptor Technologies recently distributed a “Notice of Externally Accessible Data” to their customers, stating that a vulnerability in specific cloud-hosted data repositories exposed customer data. In the notification, Raptor Technologies details that the following information was externally accessible: students’ names, school identification numbers, documents uploaded by Visitor Management and Emergency Management customers, and a limited number of sensitive documents.

Cybersecurity researcher Jeremiah Fowler discovered four million records linked to the Raptor’s software. The files included evacuation plans and detailed maps, specifics of students deemed a security risk, medical records, court documents related to family abuse and restraining orders, and the names and numbers of staff, students, and parents/guardians. While Raptor maintains that there is no evidence of unauthorized access to the data beyond the security researcher and Raptor personnel, if a nefarious actor obtained the data, the information included could facilitate physical and cyberattacks, identity theft, and harassment.