Prosecutor won’t charge reporter who uncovered database flaw


Prosecutor Wont Charge Reporter Who Uncovered Database Flaw
KOAM Image

ST. LOUIS, Mo. – A Missouri prosecutor will not charge a journalist who exposed a state database flaw. That flaw he discovered allowed public access to thousands of teachers’ Social Security numbers. The Governor had ordered a criminal investigation into the journalist.

(Previous Article: Missouri Governor accuses reporter of hacking DESE website)

The Database Flaw

In October of 2021, the State shut down the Missouri Department of Elementary and Secondary Education webpage. It happened after St. Louis Post-Dispatch reporter uncovered a security flaw that could have potentially exposed teachers’ sensitive information.

State officials say someone took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security numbers of those specific educators.

The St. Louis Post-Dispatch reported it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

The newspaper held off publishing a story about the flaw until the state fixed it.

The Investigation into the Database Flaw

Governor Parson announced a criminal investigation in October of 2021. He alleged the newspaper journalist was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished.”

Democratic state Rep. Ashley Aune, of Kansas City, accused Parson of a “smear campaign” against the Post-Dispatch journalist when it was Parson’s administration that stored the private information and left it unprotected.

“This fiasco perfectly illustrates why Missouri needs to get serious about confronting 21st century cyberthreats,” Aune said.

Aune helped write a section of Senate Bill 49 that created the Missouri Cybersecurity Commission.

The Post-Dispatch released a statement in which it said the reporter in question did the right thing by reporting the issue.

“A hacker is someone who…

Source…