Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

Unprotected Database Leaves Personal Details of Special-Needs Students Vulnerable

Tyler Cross
Tyler Cross
Tyler Cross Tyler Cross

Researchers at vpnMentor have stumbled upon an unsecured database that holds sensitive personal records of special-needs students and their parents.

The recent report highlights that this database, which was not password-protected, contained around 50,000 invoices connected to Encore Support Services, a company offering special education and behavioral health services.

The exposed database housed a variety of personally identifiable information related to students and parents attending public schools in New York. With over 47’000 items totaling nearly 7 GB — some of these records go back as far as 2018 — the report illustrates the risk to public safety.

The database also revealed service types that might hint at a child’s disability, along with notes about medical care or services provided either at school or at home. This exposed sensitive details such as the names and home addresses of parents. The invoices contained vendor information, EIN/SSN tax identification, billing hours, and service costs.

These services were provided based on the student’s specific needs, with the invoices displaying a “Service Type” field that could potentially indicate the reason for receiving special needs services or additional medical data about the students. This means that all of the information is completely exposed.

Although researchers cannot confirm if cybercriminals or other unauthorized individuals accessed the exposed data, its public availability poses significant risks to those affected. Cybercriminals might target parents or guardians to acquire sensitive information, which could be used for identity theft.

Criminals could then use various social engineering strategies to threaten the family’s identity. For example, they could pretend to be an Encore Support Services employee or a school representative. After contacting the parent and requesting personal information like a child’s social security number or credit card details for an alleged small payment, they can use that information for further identity theft, potentially stealing from them without them noticing.

About the Author
Tyler Cross
Tyler Cross
Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."