Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
July 3, 2018
Company: Advanced Law Enforcement Rapid Response Training, Texas State University
Location: , Texas
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
50,000

According to ZDNet, "A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned.

The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University.

The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection.

. . . .

The database contained thousands of personal data records, including law enforcement officer's work contact information, with many of the records listing personal email addresses, work addresses, and cell numbers.

Officials from the FBI, Customs and Border Protection (CBP), and the US Border Patrol were listed in the database.

In another table, some 65,000 officers who had taken an ALERRT course and provided feedback had their full name and zip code exposed.

Another table listed detailed histories on instructors, including their skills and training, while another contained the names of more than 17,000 instructors.

Another table contained 51,345 sets of geolocation coordinates of schools, courts, police departments, and government buildings, like city halls and administrative offices. The data also included places of interest, such as where people gather -- like universities and malls. The list also contained, in some cases, police officers' home addresses. We confirmed this using Google's Street View, which in several cases revealed marked police vehicles outside the residence.

Many of the emails contained or asked for sensitive data. Password reset emails would often ask users for their date of birth or the last four digits of their Social Security number for their profile. It's not clear why this data was needed, or if it was stored in another database.

Other emails informed law enforcement staff of successful enrollment in classes, which contained names, email addresses, phone numbers, the course they were taking, and where and when the course was offered.

That data alone would give anyone insight into the capabilities of police and law enforcement departments across the country."

** Disclaimer ** The number of breached records reported reflects our best estimate, based on all the data currently available.
If you are a business representative and believe this number is inaccurate, please contact us at chronology@privacyrights.org and we will review and update this record.
 
Information Source:
Media
CSV