Data Security

Misconfiguration exposes over 140K childcare center records

Hacking the security. The threat of information leakage and the security of the system. Red open padlock among closed black ones. Close the gap, fix the problem.

Cybernews reports that more than 140,000 childcare and early education facility records, including parent and child data, have been inadvertently exposed by an unsecured Elasticsearch database believed to belong to widely used customer relationship management platform LineLeader.

Analysis of the misconfigured database revealed exposure of full names, email addresses, and phone numbers categorized into leads, inquiries, and children, suggesting the compromise of an active CRM system, according to the Cybernews research team. While the database has since been secured, attackers could leverage the leaked information to facilitate phishing and identity theft attacks.

"For the childcare and early education sector, these findings highlight the critical responsibility both software vendors and their customers share when handling sensitive family data," said researchers. Such a development comes amid a slew of accidental data exposures involving children, with parental control app KidSecurity found to have leaked sensitive data due to an unprotected Kafka Broker Cluster and an unsecured Elasticsearch database last year and in 2023, respectively.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds