****See below for Statement from Raptor sent on January 19, 2024****
Jan. 12, 2024
Dear CISD Community,
We are contacting our community to inform you that Raptor, a third-party vendor used by Coppell ISD and many other districts in Texas and the nation for checking people in at our front offices, has reported a data breach. As a customer of Raptor, we were informed of the company’s data breach, and it is possible that some of our data may have been accessed by a single cybersecurity researcher.
As Raptor works with its customers to address this situation, the company has informed CISD that the data and documents involved in this leak have not been accessed by any other third parties beyond the single cybersecurity researcher.
Raptor has stated, “We have communicated with all Raptor customers. There is no indication at this time that any data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel. We have no reason to believe that there has been any misuse of this information.”
We want our community to know that Coppell ISD is committed to protecting and securing educational data. Our team has extensive data security and privacy training, and our systems have controls in place to protect your child’s academic records and all the data our district handles and stores.
This issue is being investigated by Raptor and Coppell ISD, so if anything changes, or Raptor reaches out with new updates, we will share that information with our parents, staff and families.
Sincerely,
CISD Administration
****Statement from Raptor Sent on Jan. 19., 2024****
On December 20, 2023, Raptor was contacted by a security researcher who disclosed to us their discovery of a vulnerability involving certain of Raptor’s Azure cloud-hosted data containers. This vulnerability could have rendered data stored within such containers externally accessible. The affected Azure storage containers were comprised of data relating to certain features of three Raptor products: RaptorLink, Raptor Visitor Management, and Raptor Emergency Management. Specifically, the containers stored documents uploaded by customers of Raptor Visitor Management and/or Raptor Emergency Management using the applications’ custom and student alerting and upload features, as well as certain transaction logs created by RaptorLink for software maintenance purposes which may contain individuals’ names and school district identification numbers.
Raptor is not aware of any impact to Raptor Volunteer Management or StudentSafe resulting from this vulnerability, and driver’s license data processed using Raptor Visitor Management is not stored within the affected cloud repositories.
Upon becoming aware of the issue, Raptor promptly implemented remediation protocols to secure the data repositories in question. Our immediate remedial measures included correcting the vulnerabilities to secure the repositories in question, and we subsequently conducted a comprehensive Internet search in an effort to identify any evidence that the data had been acquired by malicious actors. At this time, we have no evidence of any malicious access or acquisition of the potentially affected data.
After implementing and validating the effectiveness of our remedial measures, we provided notice to all customers on January 10, 2024, and are continuing to work with customers to address any inquiries about this matter. Contrary to what has been reported in some publications, the number of potentially affected customer documents represents a very small percentage of the reported four million records, the vast majority of which are the aforementioned RaptorLink logs.
We are currently working with a third-party to further validate our remediation efforts and continue to enhance Raptor’s security posture.
Please know that Raptor takes its responsibility for security and privacy extremely seriously. We are committed to safeguarding our customers’ information and their trust in line with our mission to protect every child, every school, every day.
**********