Hacker: Missouri Gov. Mike Parson is accusing a journalist of hacking the state administration’s Department of Education website after he reported security holes on the page, which expose data from thousands of teachers. The story was reported by The Missouri Independent this Thursday (14).
According to the publication, a reporter for the St. Louis Post-Dispatch newspaper discovered that a bug on the site allows access to the social security numbers of more than 100,000 teachers registered on the platform. To view the data, available in the source code of the page for any Internet user, he only needed to press the F12 key.
But for Parson, the story was a little different. During a press conference, the politician accused the journalist of carrying out a “cyber attack” on the government system to steal personal data (in fact, no sensitive information was accessed). He also said that the “hacker” acted with the aim of embarrassing the state.
As a result, the governor decided to report the reporter to the Cole County Attorney’s Office, in addition to asking the Missouri State Highway Patrol to investigate him. But the newspaper’s lawyer said there was no reason to sue him, as he did the right thing to share the discovered vulnerability with authorities.
Failure existed for years
The bug in question has been around for at least 10 years in the education platform, according to University of Missouri St. Louis cybersecurity professor Shaji Khan. The expert said he did not understand how the local government let the problem persist for so long without any correction.
Khan revealed that he has sent a letter to the state requesting a full audit to see if other administration’s online services have similar vulnerabilities. “Local and state governments across the country are still using applications developed many years ago and can contain serious security holes,” he explained.