Josh Renaud reports: The social surety numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the states department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to hunt teacher certifications and credentials show more on St. Louis Post-Dispatch. Now at this point, you’re probably asking the usual questions like “How many were potentially at risk?” “How long had this been a problem?” and “Is there any evidence that the data were accessed or downloaded for possible misuse?”� But while those are all reasonable questions, my question is ‘Why is the administration engaging in “Shoot the Messenger?’ and calling the reporter a “hacker?” According to the Post-Dispatch’s report, in both a press relinquish on the state’s site and a letter to educators, the say blamed the Post-Dispatch for discovering the vulnerability and referred to the newsman as a hacker. Through a multi-step process, a hacker took the records of at least three educators, decoded the HTML seed code, and viewed the social security number (SSN) of those specific educators. The letter to educators replaced “hacker” with “individual.” Sam Clancy of KSDK in Missouri seems to get picked up the state’s claims and KSDK headlines a story: “Hacker gets SSN, other information of 3 missouri teachers in data breach.” KSDK probably had no idea they were accusing another journalist of being a hacker. But kudos to the St. Louis Post-Dispatch team that found the problem, confirmed it, and then responsibly disclosed it to the state.� I’m going to allow their external counsel, attorney Joseph Martineau of Lewis Rice, make the last discussion here, although i observe that Martineau seems to only expend “hacker” in a crook sense, whereas many hackers are whitehats and administrators: The reporter did the responsible thing by reporting his findings to DESE so that the land could behave to foreclose disclosure and misuse, Martineau said in a written statement. A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no malicious intent. For DESE to deflect its failures by referring to this as hacking is unfounded. Thankfully, these failures were discovered. DESE:� we’ll just wait over here for you to apologize for attempting to deflect blame to the reporter who discovered your surety problem and who worked with their team to responsibly disclose it to you.