Online message forum exposes passwords for Florida child welfare system
Incident Date: September 28 2004
Incident Location: Wildwood FL USA
Confidential child-abuse and foster care records were exposed to the public after a password granting access to the data was published on a Web site. Kids Center, a private consortium that handles foster care and other services for at-risk children, provided caseworkers with access to these confidential records via a Web-based system named CoBRIS. A reporter for the Miami Herald stumbled upon a system account and password, used it to access CoBRIS, and then alerted local child welfare authorities.
The organization maintained a Web page that allowed caseworkers to post messages with questions about using the CoBRIS system. It was a few of these messages that exposed the details of specific caseworker accounts and passwords. Once the Herald reporter found the messages he was able to access CoBRIS and browse the information available to him.
The CoBRIS system used by Kids Center was developed by Edmetrics. An Edmetrics spokesman said that a "review of security logs has assured us that this reporter was the only unauthorized access into the system."
Kids Center reacted quickly to address the problem. They changed all existing account passwords and will now require caseworkers to authenticate before posting questions to the CoBRIS message Web pages. Administrators also eliminated the ability of users to see the responses to questions previously asked by others
Title: Glitch opens access to kids' records
Author: Colleen Jenkins
Publication: St. Petersburg Times
Publication Location: St. Petersburg FL USA
Publication URL: http://www.sptimes.com/2004/10/01/Hernando/Glitch_opens_access_t.shtml
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.