College recruitment database leaking nearly 1 million students’ GPAs, SAT scores, IDs, and other personal data

[MonSpyder9]

Content source

https://cybernews.com/security/college-recruitment-database-leaking-nearly-1-million-students-gpas-sat-scores-ids-and-other-personal-data/

We recently discovered an unsecured Amazon S3 (Simple Storage Service) bucket, or database, containing nearly 1 million records of sensitive high school student academic information.

Included in this unsecured bucket are GPA scores, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, and students’ and parents’ names, email addresses, home addresses, phone numbers and more.

The unsecured bucket seems to belong to CaptainU, an online platform that purports to help connect student athletes and colleges or universities that are interested in recruiting them for their athletic programs. Because of that, the bucket also contains pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials.

 

[Gandalf_The_Grey]

From that article:

Disclosure
We reached out to CaptainU to notify them of their unsecured database on May 22. However, we received no response from the company. We then contacted Amazon to help fix the issue.

An Amazon representative then informed us that CaptainU intended this information to be publicly available. In an attempt to confirm that information, and to understand whether CaptainU’s members — both the students and their parents — knew that the educational information they’ve supplied to CaptainU would be accessible to the general public, we contacted parents of students whose data has been leaked.

With this, we attempted to contact CaptainU via the Amazon representative, as well as through their website. We still have not received any responses from CaptainU, and the files are still accessible.