K12.com Data Breach (2019)

K12.com

high VERIS
Disclosed

June 23, 2019

2469 days ago

Records

7.0M

Confirmed

Root Cause

Misconfiguration

Industry

Technology

Description

K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech. The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it's unclear if the database was at any point accessed by malicious actors. Engadget reached out to K12.com for additional information regarding the data exposure and will update this story if we hear back. According to the researchers who discovered the exposure, the issue affected K12.com's A+nyWhere Learning System (A+LS), which is utilized by more than 1,100 school districts in the US. The database was misconfigured, resulting in it being publicly accessible and discoverable on BinaryEdge and Shodan, two search engines that specialize in indexing public-facing databases. The exposure, which was discovered on June 25th, first occurred on June 23rd and wasn't fixed until July 1st.