We recently discovered an unsecured Amazon S3 (Simple Storage Service) bucket, or database, containing
nearly 1 million records of sensitive high school student academic information.
Included in this unsecured bucket are GPA scores, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, and students’ and parents’ names, email addresses, home addresses, phone numbers and more.
The unsecured bucket seems to belong to
CaptainU, an online platform that purports to help connect student athletes and colleges or universities that are interested in recruiting them for their athletic programs. Because of that, the bucket also contains
pictures and videos of students’ athletic achievements,
messages from students to coaches, and other recruitment materials.