A security researcher identified a publicly accessible database containing sensitive data related to adoption. This database, linked to the Gladney Center for Adoption, included personal information about children, birth parents, adoptive parents, and sensitive medical and legal information. Despite attempts to alert the organization, there was no immediate response, but the database was secured shortly after. Misconfigured databases remain a significant issue, making sensitive information accessible to unauthorized users, raising concerns about the security of vulnerable children's data.
This is the first time in all of my research that I've seen adoption data, and it stood out because a lot of these kids are very vulnerable.
I believe that this data was exposed during the move to a different system, and that it was up for a few days before I found it.
Misconfigured databases are common online, even after years of effort to raise awareness about the issue, making information accessible to whoever comes across it.
The trove included details like the identities of some children's biological parents, data on individuals' medical and mental health status, and information about interactions with Child Protective Services.
Collection
[
|
...
]