- Jul 27, 2015
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. The newspaper verified its findings with a cybersecurity professor and then informed the agency responsible for the leaking site – the Department of Elementary and Secondary Education (DESE) – on Tuesday. On the same day, the DESE took down the affected pages. Then, on Wednesday, having waited to disclose the vulnerability until after the pages came down, the outlet published its story.
The next day, on Thursday morning, a naked emperor shot the messenger, as Missouri Gov. Mike Parson threatened legal action against whoever found the vulnerability and whoever may have helped them. He called the unnamed journalist a “hacker,” vowed to sic the courts on the individual and said the state would try to recoup incident-response costs that might cost taxpayers “as much as $50 million.”
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.