A massive security flaw in the Baltimore County Public Schools allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data.
The system’s BCPS One/Schoology platform where anyone with a password – including students, parents, and staff members – can access to personal student and staff member information, as well as some sensitive school system records, was the source of the breach.
TPRM report: https://scoringcyber.rankiteo.com/company/baltimore-county-public-schools
"id": "bal1640301022",
"linkid": "baltimore-county-public-schools",
"type": "Breach",
"date": "07/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Education',
'location': 'Baltimore County, Maryland',
'name': 'Baltimore County Public Schools',
'type': 'Educational Institution'}],
'attack_vector': 'Unrestricted Access',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal student information',
'Personal staff member '
'information',
'Sensitive school system '
'records']},
'description': 'A massive security flaw in the Baltimore County Public '
'Schools allowed unrestricted access to highly sensitive '
'records pertaining to students, staff and internal school '
'system data.',
'impact': {'data_compromised': ['Personal student information',
'Personal staff member information',
'Sensitive school system records'],
'systems_affected': ['BCPS One/Schoology platform']},
'initial_access_broker': {'entry_point': 'BCPS One/Schoology platform'},
'title': 'Baltimore County Public Schools Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak Password Management'}