The Journal Gazette
Saturday, October 23, 2021 1:00 am

Security failure fallout proves misguided

EDITORIAL BOARD | The Journal Gazette

When Missouri officials learned recently about a website problem that left the Social Security numbers of the state's teachers vulnerable to hackers, they went after the messenger.

A St. Louis Post-Dispatch reporter uncovered the vulnerability – a problem in a web application that allowed users to search teacher certifications and credentials.

The Social Security numbers of more than 100,000 teachers, administrators and counselors showed up in HTML source code of web pages for the state Department of Elementary and Secondary Education.

The newspaper waited to publish its findings until the state had moved to protect the private information and ensure no similar problems occurred within the websites of other agencies.

Gov. Mike Parson labeled the reporter a hacker and turned the case over to prosecutors.

“The state does not take this matter lightly,” Parson said during an Oct. 14 news conference at the Statehouse in Jefferson City.

A simple “thank you” might have sufficed.

“The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse,” Post-Dispatch attorney Joseph Martineau said in a written statement published online by the newspaper. “A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no malicious intent.

“For DESE to deflect its failures by referring to this as 'hacking' is unfounded. Thankfully, these failures were discovered.”

Share this article

Email story

Subscribe to our newsletters

* indicates required