/ SECURITY WATCH

LA School for the Visually Impaired Breach

Popular articles

10 / 11 / 2016

Louisiana School for the Visually Impaired: DATA SECURED!

Protecting the personal data of children is always important, but what happens when a school or government related institution leaks that data? A child’s data is extremely vulnerable because they often have no choice in who stores or collects their data. As online technology and digital records become the modern standard it is more important than ever to protect the personal data and medical records of children. Having your data leaked as a child could follow you around for the rest of your life and this is why data protection must be taken serious.

The MacKeeper Security Research Center found that Louisiana School for the Visually Impaired was running a leaky instance of the Rsync protocol. This protocol is widely used for remote synchronization between computers and in most cases it is protected from external access. But there are still many “live” examples when Rsync is left without any password authentication.  

Due to that particular breach we were able to access a virtual drive of institution which contained a lot of internal and sensitive information. The data included highly sensitive information such as the children's State ID Number, birth dates, full names, photos, accommodation details, medical impairment comments etc. And yes, this information was available online without any password and login, so basically anyone with an Internet connection could have download it.

Among other data there was a file that contained a total of 3,647 records of 200 children from the Louisiana School for the Visually Impaired, a K-12 state-operated school located in Baton Rouge, Louisiana, United States. The school has both blind and other visually impaired students.

In September 2016 The MacKeeper Security Research Center discovered a database of 2.9 million voters from Louisiana. Upon notifying the state about the data breach we worked with Mr. Dustin Glover the Chief Information Security Officer from the Office of Technology Services for the State of Louisiana who was able to help us secure the database within a matter of hours. We would like thank Mr. Glover once again for his fast and professional assistance in identifying who is responsible for managing this database and ensuring that the children’s data was urgently secured.

***

Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Research Center. 

Do you have security tips or suggestions? Contact: security@kromtech.com

Stay tuned to the latest security news by visiting MacKeeper Security Watch blogsubscribe to our RSS.