Governor Parson Launches Investigation Into St. Louis Post Dispatch After Newspaper Discovers a Vulnerability on State Education Website

Missouri’s governor says he’s asking state investigators to look into the actions of the St. Louis Post-Dispatch newspaper, who revealed a flaw in the state education department’s website that allowed the public to access social security numbers of teachers.

The newspaper notified the Missouri Department of Elementary and Secondary Education that nearly 100,000 teachers’ social security numbers were vulnerable to public exposure.

The Post-Dispatch says it found the vulnerability when it viewed the source code of DESE’s website and discovered that within the source code, nine digit numbers were present, which later was confirmed to be social security numbers.

When DESE sent out a news release on the matter Wednesday night, it represented the Post Dispatch’s actions as those of a hacker.

Governor Parson continued that theme when meeting with the media Thursday at the Capitol in Jefferson City.

Parson called the newspaper’s actions “pathetic.”

An attorney representing the newspaper says the Post-Dispatch did the responsible thing by notifying DESE of the vulnerabilities of its website, adding the reporter is not a hacker because there was no breach of any firewall or security and no malicious intent.

Parson says his administration has reached out to the Cole County Prosecutor’s Office and investigators with the Missouri State Highway Patrol to investigate an attempt to “steal” information.

The governor says the newspaper’s report is an “attempt to embarrass the state and sell headlines for their news outlet.”

House Minority Leader Crystal Quade issued a statement saying “the governor should direct his anger towards the failure of state government to keep its technology secure and up to date and to work to fix the problem, not threaten journalists with prosecution for uncovering those failures.”

DESE says at least three teachers’ personal information was compromised.

The Post-Dispatch says the education department removed the affected pages after it notified them of the breach.

Leave a Reply

Your email address will not be published. Required fields are marked *