A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public facing website.
A tool within the system’s BCPS One portal platform, where students are able to access classes, grades and academic resources online, is the source of the breach where anyone with a password – including students, parents, and staff members – have had access to others’ personal student and staff member information, as well as some sensitive school system records.
Some records found go back to the 2008-2009 school year.
It is unknown how long the records have been open to thousands of students and employees and whether there was a larger scale breach of the data.
The Baltimore Post reached out to an information technology contact at Baltimore County schools on Wednesday night prior to publishing this story. The contact confirmed that the error stemmed from a “share all” function on Microsoft Office 365 and a search bar that permitted any user to search for any subject – without restriction. Microsoft and the district have since fixed the error and are working to identify other areas of concern on the platform...
These security flaws and will occur more frequent.
ReplyDeleteThey'll be either an "Act Of God" or an "Act of Nature."