Get Schooled, an educational non profit organization created as a partnership between The Bill and Melinda Gates Foundation and Viacom with significant help from AT&T has suffered a data breach which revealed personal identifiable information on hundreds of thousands of students: with initial estimates putting the total number of affected children at around 930,000. The data breach was discovered by British cybersecurity firm TurgenSec and was first reported on by the Financial Times. According to the report, the personally identifiable information that was breached includes:
“full addresses, schools, full student PII including student phone numbers and emails, graduation details, ages, genders and more.”
Bill and Melinda Gates backed Get Schooled Got Pwnt
Over the years, Bill and Melinda Gates have tried to bring life to the flailing American education system with direct help to local schools, and also with projects such as the Get Schooled Initiative. TurgenSec revealed to the world that the database of student information that Get Schooled had amassed since its inception was unprotected and available on the open web during Get Schooled’s recent website revamp. Unsecured databases are an increasing vector for data breaches, and highlight the sad state of privacy and security in the wider world.
While most people might consider Microsoft to be a company that cares about privacy and security – at least when it comes to protecting their own proprietary information – just like the SolarWinds debacle, this attack highlights that mere association with firms that have proper security and privacy practices doesn’t guarantee anything. Studies have already shown that companies that don’t have serious privacy and security practices are more likely to suffer data breaches – and this most recent data breach is concerning because it brings to question the data privacy practices of other projects funded by the Bill and Melinda Gates Foundation.