One school document titled “active shooter / lockdown drill” provides a checklist of 11 questions that staff members need to fill in to analyze the school’s performance in a drill. This includes whether they heard a “Code Red Drill” being announced and whether windows and doors were locked when they checked. Questions on the drill document also include whether noise or talking could be heard from nearby rooms and whether anyone answered the door when it was locked.
Fowler says all the exposed documents appear to have been uploaded by schools to Raptor Technologies’ systems, some at a regularly monthly cadence. Within some school reports, Fowler says, he saw specific details such as officials noting doors that don’t lock or that a security camera has not been working for months. “If a domestic terrorist had basically a working map of all the vulnerabilities of a government building or a school or anything, that presents a huge hypothetical risk,” Fowler says. “Some of the maps even have arrows of which way the kids are going to run if there’s an active shooter, where they’re going to hide. I’ve never seen anything like that.”
The security researcher viewed a sample of the accessible documents to determine their authenticity and who they belonged to—allowing the leak to be reported to Raptor Technologies. WIRED is not naming any schools for safety reasons.
David Rogers, chief marketing officer at Raptor Technologies, tells WIRED the company “immediately implemented remediation protocols” to secure the exposed data once it was contacted and started an investigation into the issue. “We have communicated with all Raptor customers,” Rogers says. “There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he says, adding there is no reason to believe there has been any misuse of the information.
“We sincerely regret this issue and any concern or inconvenience it may have caused,” Rogers says. The company’s investigation into the incident is ongoing, Rogers says, adding that the “safety and wellbeing of children, staff, and the community members of our customers is the top priority of Raptor Technologies.”
Multiple school districts contacted by WIRED about the breach did not respond to requests for comment or declined to comment.
Beyond the safety reports included in the exposed files were documents and logs that detail personal information about students. Some documents detail risks that individual students could pose, their recent behavior, and if it has been improving. One document details threats or concerns about individual students: It names a student who has been fighting and bullying other students “almost daily for past two weeks.”
Another, a meeting agenda discussing students, lists physical attacks made by students, an individual’s threats of self-harm, and incidents of theft. “[Student name] is aggressive, kicking, scratching, and fights while transitioning from the bus each morning,” one file says of a student. It adds that the student “locked himself in principal’s office and grabbed a pair of scissors.”