JEFFERSON CITY, Mo. (KMIZ)
Gov. Mike Parson threatened legal action Thursday against the St. Louis Post-Dispatch and one of its reporters who exposed a flaw on the state education department's website.
The reporter found hundreds of thousands of Missouri educators' social security numbers were accessible to the public in the HTML code for the Missouri Department of Elementary and Secondary Education's website.
Parson said the Cole County prosecutor and the Missouri State Highway Patrol Digital Investigations Unit are now investigating the incident and it could cost taxpayers up to $50 million.
The St. Louis Post-Dispatch's attorney addressed the threats in a statement to ABC 17 News.
"The reporter did the responsible thing by reporting his findings to the Department of Elementary and Secondary Education (DESE) so that the state could act to prevent disclosure and misuse. A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no malicious intent. For DESE to deflect its failures by referring to this as “hacking” is unfounded. Thankfully, these failures were discovered," said Joe Martineau the St. Louis Post-Dispatch Attorney from Lewis Rice.
Watch Gov. Parson's remarks below.
The Missouri Department of Education said it has fixed an issue that allowed access to some educators' social security information.
According to the department, it was notified the personal information of three educators was possibly compromised through the state's certification database.
Officials cut public access to the site until the problem could be fixed.
The department blamed hackers for accessing the websites' source code to view the social security information.
The St. Louis Post Dispatch said the use of the term 'hacking' is unfounded.
The paper said it found the issue Tuesday and notified the department that educators' personal information might be at risk.
The Post-Dispatch accused the department of attempting to minimize the impact. The newspaper said only three teachers were compromised, but the personal information of around 100,000 educators was left vulnerable.
The paper waited to post its story until the issue could be resolved.
A cyber-security expert at the University of Missouri in St. Louis called the issue a quote, "serious flaw..." and said the problem has been known about for a decade.
The expert also called its presence on the department's website, "mind-boggling."