Cincinnati Public Schools inadvertently released busing information, such as students' names and their pickup and drop-off locations, to the wrong recipients.
The district planned to disseminate about 7,000 students' information as a reminder to families as the first day of school approaches. But the district's internal email system sent an unknown number of those students' info to the wrong families.
The glitch was caused by a bug introduced during an update of the system, but the release was not a data dump or breach.
Each email included a student's first and last name, bus number, bus route, pickup, and drop-off location, and possibly the time of pickup and drop-off.
TPRM report: https://scoringcyber.rankiteo.com/company/cincinnatipublicschools
"id": "cin01810423",
"linkid": "cincinnatipublicschools",
"type": "Data Leak",
"date": "08/2019",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Education',
'location': 'Cincinnati',
'name': 'Cincinnati Public Schools',
'type': 'Educational Institution'}],
'attack_vector': 'Email System Bug',
'data_breach': {'type_of_data_compromised': ["Students' names",
'Bus number',
'Bus route',
'Pickup location',
'Drop-off location',
'Pickup time',
'Drop-off time']},
'description': 'Cincinnati Public Schools inadvertently released busing '
"information, such as students' names and their pickup and "
'drop-off locations, to the wrong recipients.',
'impact': {'data_compromised': ["Students' names",
'Bus number',
'Bus route',
'Pickup location',
'Drop-off location',
'Pickup time',
'Drop-off time']},
'post_incident_analysis': {'root_causes': 'Bug introduced during an update of '
'the email system'},
'title': 'Cincinnati Public Schools Data Leak',
'type': 'Data Leak',
'vulnerability_exploited': 'Bug introduced during an update of the email '
'system'}