Missouri teachers’ social security numbers at risk on state agency website | Education – Community News
Social Security

Missouri teachers’ social security numbers at risk on state agency website | Education

“We are quite shocked to hear this,” said Byron Clemens, spokesperson for the local branch of the American Federation of Teachers, AFT St. Louis Local 420. He praised DESE for taking swift action to remove the affected website, but warned , “We don’t know if anyone has been harmed yet.”

‘A serious shortcoming’

While there was no apparent or searchable private information on any of the web pages, the paper found that teachers’ social security numbers were included in the HTML source code of the pages involved.

The paper asked Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis, to confirm the findings. He called the vulnerability “a serious flaw.”

“We’ve known about these types of errors for at least 10-12 years, if not more,” Khan wrote in an email. “The fact that this type of vulnerability is still present in the DESE web application is mind-boggling!”

Khan urged the state to conduct a thorough audit to ensure other web applications do not contain similar vulnerabilities.

According to McGowin, such an audit had begun on Tuesday and was still underway at noon on Wednesday. She said that to the best of her knowledge, no other instances of the error had been identified.

“Unfortunately, these kinds of flaws and poor design choices are more common than we’d like,” Khan wrote. “Local and state governments across the country often still use applications developed many years ago that may contain serious security flaws.”