Raptor Technologies, a third-party vendor used by Arkport CSD and many other districts, found and disclosed a vulnerability involving certain cloud-hosted data. On January 11, the district received notice from Raptor Technologies providing a list of impacted data.
As Raptor customers, we were informed of the company’s data incident and that some of our data was accessible on the Internet and may have been accessed by a single cybersecurity researcher. As Raptor works with its customers to address this situation, the company has informed us that they do not believe the data involved in this incident has been accessed by any other third parties beyond the cybersecurity researcher who discovered the vulnerability.
Raptor has stated, “We have communicated with all Raptor customers. There is no indication at this time that any data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel. We have no reason to believe that there has been any misuse of this information.”
Working with Raptor Support, we obtained copies of the data to determine what information was publicly accessible. The files that were available were synchronization logs. The logs are not identified as Arkport CSD logs, but they do contain student names, system-assigned student IDs, and staff email addresses.
This issue is being investigated by Raptor and [district name], so if anything changes, or Raptor reaches out with new updates, we will share that information.