github-actions[bot]
commented
1 year ago This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.
Closed github-actions[bot] closed 1 year ago
github-actions[bot]
commented
1 year ago This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.
github-actions[bot]
commented
1 year ago This issue was closed because it has been stale with no activity.
An established forum user on Breached.vc uploaded what they claim is the [SPPS] Saint Paul Public Schools District Directory for free download. In describing what they refer to as an attack on February 13 to February 14 leading to a data breach, they write: Reasons for leak: Insecuring their Google Directory; Not Forcing stronger passwords onto students; The School District of one of my doxing targets: (link redacted by DataBreaches.net) For eight forum credits, anyone can download the data. DataBreaches could be wrong, but many of these records are public records that could be obtained just by requesting the data. For example, this page provides all the names and email addresses of staff at one of the schools. Other schools also provide their staff directories freely. There is no need to hack staff directories for SPPS. As to the student information, the district makes student names publicly available without consent under the “Directory Information” provisions of FERPA. There is no need to hack students’ names when you can simply request them. Under the district’s “Directory Information” FERPA provisions, student email addresses are also available to military recruiters and public libraries upon request. Student email addresses may not be as easy/convenient to get as staff information, but they are not that difficult. In some districts, if you know the format system used to generate email addresses and the students’ names, you can figure out their email addresses. DataBreaches is not sure that is true for SPPS, however.
https://www.databreaches.net/if-youre-going-to-attack-a-public-school-district-learn-what-ferpa-permits-districts-to-make-public-anyway/