Data leak exposes school shooter response plans; Tarrant County schools not affected

Silas Allen
·2 min read
1

Tarrant County school officials say their districts weren’t affected by a massive data leak at a Texas school security company.

Raptor Technologies, a Houston-based school safety software firm, inadvertently leaked a cache of more than 4 million records from school districts nationwide, including incident response plans and campus evacuation routes. The company quickly made the files inaccessible after a security researcher reported the leak last month.

Cyber security researcher Jeremiah Fowler spotted the leak, which also included details about background check systems, security gaps and school layouts. Writing this week for the cybersecurity company vpnMentor, Fowler said the breach could have real-world consequences if the wrong people accessed the information while it was public. Information about school security systems could help bad actors exploit gaps and vulnerabilities, he wrote.

Also exposed during the breach were court records like divorce and custody documents, health records documenting students’ medical conditions and reports identifying students who were involved in incidents at school. Some of the information included in those documents could make students and their families vulnerable to fraud, Fowler wrote.

In a statement, Raptor spokesman David Rogers said the company secured the data as soon as it was notified of the breach and notified clients. The company has no evidence the data was misused while it was public, he said.

Officials in the Fort Worth, Arlington, Crowley, Keller, Hurst-Euless-Bedford and Northwest independent school districts confirmed that they didn’t have sensitive information disclosed during the leak. Spokespeople in several of those districts said they use Raptor’s systems to manage information like attendance, volunteer schedules and campus visitors, but don’t store sensitive information like student data, incident response plans or evacuation protocols there.

Cyber security issues represent a growing challenge for school districts across the country, including in Tarrant County. In March 2020, Fort Worth ISD fell victim to a ransomware attack, leaving teachers without a way to take attendance or use online instructional tools. The district spent nearly $100,000 to recover from the attack, and another $242,000 to strengthen its security systems.

Last year, officials in the Mansfield Independent School District announced that attackers had hit the district’s network, taking down internet-connected systems including phones, email and the district’s website.