When I posted a news item about a breach involving Gabbitas and The Independent Schools Guide web site, I duly quoted the reference to claims that the leak had been due to a cyber-attack, even though it seemed a bit implausible to me.
An article in Computerworld today by John E. Dunn that reports there was no attack, and this was just error:
Last week’s leak of a database of schoolchildren by educational firm Gabbitas was caused by a straightforward technical error and not an external attack as apparently claimed at the time, the source of a story run by The Sunday Telegraph has told Computerworld UK.
According to the source – who wishes to remain anonymous – he stumbled on an exposed database containing the records of 1,367 children on 17 August while using Google to locate the email address of an acquaintance.
In the event, the search turned up the desired contact inside a CSV (comma separated value) file dump from an SQL database. Uploaded sometime between 15 March and 16 June 2012, this appeared to have been accidentally left exposed on the emetis.com independent schools guide website run by Gabbitas (currently down) during a revamp.
Read more on Computerworld.