What we fear is here.  It’s not an InBloom leak – probably a local hacker who seems quite ticked off at Sachem School District.  According to the first page of the hacker’s site, he/she claims that the data was exposed 2 years ago by someone else and is doing this now because the district did nothing about it and would not admit it.  He/she says the data will continue to be leaked (it still is now) until the district makes an admission to their errors.

I saw the data myself – how? Well, News12 Long Island stated the forum name where the data was posted.  The hacker was posting frequently – quicker than the moderator or administrator of the forum could take it down.

I saw medical records (immunization, allergy, etc) and a letter from a doctor stating the child was prescribed Ritalin and his dosage.  I saw a list of student ID’s with their names and whether they were receiving free lunch or not.  I saw report cards.  District registration documents (including name, address, date of birth, parent info.)  I saw disciplinary records – a letter to a parent (name and address included) stating their child had been suspended for smoking marijuana on the bus.  BOTH the parent’s and child’s name and address were on the letter. 

After skimming a few of these items, I notified the authorities.  There was a section to download more records – I opted out of that!

THIS is what we fear.  I should not have seen those records – my stomach turned as I saw the documents.  I was in a state of shock.

Being told we are “misinformed” and “grabbing headlines” is disheartening.  We are parents. We have the right to be told what information the districts are sharing and when.  We have the AUTHORITY to question everything a district does with our children’s and our personal information.  Districts have an obligation to us – they MUST inform us of the data items they will share with NYSED.  NO ONE should see what I saw with my own eyes.  How completely irresponsible.

This is completely unacceptable!

This is bad.  Very bad.

Here is a picture that I took of the first page of the hacker’s site – please note, I have received many requests for the link to the site where the data is displayed.  I will NOT share that information with anyone other than the police.  The pictures I took of my screen on my laptop will only be shared with police – I share the below picture simply because there is no PII contacted to it at all – it is the hacker’s first page on their site and describes their purpose for doing this to Sachem. 


here is the full text of that first page: 

UPDATE- Links Back Up

Sachem central school district is one of the largest suburban school districts in new york, accommodating almost 16,000 students each year within its 18 schools. Recently, sachem has had budget issue’s, needing a revote to pass an amended budget that makes cuts in many places. These cuts have been in the form of laying off teachers, cutting courses all together, and placing a very high number of students together in one classroom. These cuts make it harder for students to learn and perform optimally. Cuts were not made in the correct places, and funding was increased for some things. One particular concern is that throughout the last two years running up to the end of this year, sachem will have spent $2,337,881 on central data processing. These are more or less the maintenance, support and protection costs that are required to keep the schools computer network running and secure. Unfortunately, the money was either completely wasted or embezzled, as sachems network does not have a two million dollar security infrastructure. The extremely minimal security that was in place was defeated in a very trivial manner, and the system administrators were informed of the issue multiple times. They were unable to fix the issue, as the districts networks utilize mostly free tools and are extremely vulnerable. After repeated attempts to get the problems corrected were practically ignored, it was discovered by many users that extremely sensitive personnel and private information could be accessed with little effort. You and your child�s identifying information such as social security numbers, birth certificates, passports,credit cards and even bank statements and possibly more have been obtained by identity thiefs and cybercriminals. Anything you have ever provided the district should be assumed to be compromised. If you are or recently were a student at sachem or you are the parent of a sachem student, I strongly advise you go get credit protection immediately. The district is not yet offering any kind of monitoring. Any and all information listed on this site will be and has been removed of any harmful information such as social security numbers, birth certificates or anything that could aid in identity theft. The district has as of yet refused to acknowledge the leaks and offer protection or monitoring, and until they do so taxpayers will be kept informed of this information through the documents that will be published here. These documents will continue to be published until sachem acknowledges that your information was compromised and offers to do something to correct the situation. Ideally credit protection would be offered to every currently enrolled student and any other past students who were effected. Also, sachem needs to disclose exactly what was compromised, and the date that breach occurred. Below is the welfare/income status of 15500+ students recently or currently enrolled in the district.”

The documents are live again.  as of 11/10/13 at 1:13PM



If you post the link to the data on the COMMENTS SECTION of this blog, you will be reported to the authorities. DO NOT POST THE LINK HERE – that simply continues the private information being shared!