Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident.
… The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email address, and parent/guardian names may have been exposed, but it did not extend to credit card numbers or social security numbers.
So far, that is pretty consistent with what this site observed, although parent email addresses were also in the exposed records. But then there’s this:
The company told West Hartford school officials that they are not aware of any outsiders having access to the information that was exposed.
This site had notified Total Registration that a researcher had found their leak. And this site published some redacted screenshots, indicating that this site had at least some data or proof of leak. Does Total Registration have access logs?