School Districts Unaware BoardDocs Software Published Their Private Files The 74
p The 74
ppAmericas Education News SourceppCopyright 2025 The 74 Media IncppBoardDocs a software tool used by thousands of school boards to track meeting minutes and store confidential information has suffered a data breach affecting districts nationally The 74 has learned Records at the center of the breach include confidential files protected by attorneyclient privilege and other sensitive data that school leaders intended to keep under wraps ppBoardDocs parent company Diligent Corporation acknowledged Tuesday the breach was national in scope only after reporting by The 74 confirmed its customers across the country were affected The BoardDocs software which allows school boards to disseminate agendas and other public documents to their communities while keeping other records private is used by some 5000 public sector entities in the US and Canada primarily public schools ppThe company declined to disclose the number of school districts that were affected after a glitch in its product erroneously published sensitive records to the web but said only about 1 of documents stored on BoardDocs or roughly 64000 files were exposedppCompany spokesperson Michele Steinmetz told The 74 Diligent began notifying all BoardDocs customers including those who were not directly affected on May 30 the same day The Philadelphia Inquirer published an investigation into a BoardDocs breach affecting the Lower Merion school district That instance appears to have been uncovered when plaintiffs in a legal case against the district came across privileged files while searching for public ones ppGet the most critical news and information about students rights safety and wellbeing delivered straight to your inboxppMultiple additional school districts that contract with BoardDocs however said they were unaware of the incident until they were contacted this week by The 74 and in several instances received confirmation of the breach from Diligent only after they reached out to the company directly to 
inquire about whether their own confidential records had been compromised ppIn an interview with The 74 one customer called the glitch an improper misconfiguration of the vendors products An option to store records in a private folder within the districts broader public library could be misleading and people could think and rightfully so Anything I put in there is not publicly available when in fact it could be accessed by an unauthenticated userppThe official who spoke on the condition of anonymity because they werent authorized to discuss the BoardDocs situation or draw attention to their districts cybersecurity practices said their school system was not notified proactively about the fallibility that came to light in Lower MerionppIt was something that should not have been in place the official said The vendor should have been more clear and thoughtful and communicative around that configuration and the implications of itppNithya Das Diligents chief legal and chief administrative officer acknowledged the problem to The 74 saying Documents that were supposed to be set to private access were made accessible She declined to elaborate on the misconfiguration but said the company took immediate action to resolve the issue once it was discovered ppShe stressed that the confidential records had been made available on the BoardDocs platform only for a matter of a few months and existed only on that platform meaning that someone could not have gone onto their web browser and pulled up Google or Yahoo or something like that to find them pp I dont mean to downplay the situation but I do think its important to just keep in mind that it was extremely limited in terms of scope impact and duration Das said In order for these documents that were meant to be private to be publicly accessible you would actually have to go into the BoardDocs application and do a fairly specific searchppIts likely that some of the documents that may have been exposed would be those dealt with 
during school boards executive sessions where the law allows them to meet behind closed doors to discuss sensitive or privileged subjects These include personnel matters and employee disciplinary issues litigation involving plaintiffs often parents alleging wrongdoing union contract negotiations and pending real estate transactionsppInternal records from executive sessions were made publicly accessible in the Lower Merion breach according to the school districts lawyer A parent who came upon a trove of confidential memos told the Inquirer the discovery felt weird I was like Wait how am I reading thisppDenise Marshall chief executive officer of the nonprofit Council of Parent Attorneys and Advocates which works to protect the legal and civil rights of students with disabilities and their families said the breach was a great concern because school boards regularly discuss sensitive issues concerning these children Its unclear whether BoardDoc files related to special education services were compromisedppWe know of instances where families have been retaliated against because of information thats been shared and made public through one means or another from board meetings she said Its important that the school boards and of course BoardDocs take every effort to ensure that privacy is safeguarded ppThe vulnerability at BoardDocs is the latest example of how school districts reliance on thirdparty technology vendors for critical systems can introduce weaknesses and put sensitive information about students parents and educators at risk Last week 19yearold Matthew Lane pleaded guilty in Massachusetts federal court for his role in a recent cyberattack on education technology behemoth PowerSchool which led to a data breach exposing the personal information of millions of students parents and teachers globally The PowerSchool cyberattack and subsequent data breach has prompted dozens of lawsuits filed by parents students and school districts ppThe National School Boards 
Association which represents more than 90000 local school board members didnt respond to requests for comment from The 74 On social media in April the trade group gave a special shout out to BoardDocs for their generous support of the nonprofits 85th anniversary celebrationppBoardDocs doesnt list its fees on its website The New York State School Boards Association notes on its site that the tool is available for as little as 3000 per year and a onetime 1000 startup fee ppSchool cybersecurity expert Doug Levin cofounder and national director of the nonprofit K12 Security Information eXchange said the BoardDocs incident is a cautionary tale for both school districts and their vendors ppAny reasonable person if upon selecting a setting to private would presume that it would not be searchable Levin said I certainly dont fault anyone for taking a private setting at face valueppAfter a large urban school district quizzed the company about the news out of Lower Merion Diligent acknowledged in a notice obtained by The 74 that the districts private records could have been returned as part of a public search result if specific search terms were usedppOur investigation determined that your organizations BoardDocs site had documents in the accessible private folder MarKeith Allen Diligents chief customer officer wrote in an email to the district earlier this month ppThe record was provided to The 74 on the condition that the district not be named ppIn addition to a general notification to all its customers Das Diligents chief legal and chief administrative officer said that for customers we believed could have been impacted the company sent them a different communication obviously letting them know of that situation Das declined to provide copies of those communications to The 74 and said the company is not required to notify impacted individuals under any statelevel breach notification laws ppWe did also have a process of doing some direct outreach to impacted clients like 
picking up the telephone and calling them and so I guess I am surprised to hear that there might be clients who werent aware of the situation until you reached out said Das who noted the company does not plan to release a public statement about the breach The goal was not to try to hide the issue hereppAmy Buckman the Lower Merion school district spokesperson said in a statement that Diligent admitted there had been an error by their company in protecting confidential documents stored on their site and said immediate corrective action would be taken Still Buckman said the district put Diligent on notice that it would hold BoardDocs responsible for any damages resulting from the breachppThis isnt Diligents first time responding to a data breach involving sensitive information In 2022 the company suffered a cyberattack and subsequent breach involving a tool unrelated to its work with schools with affected customers including defense contractor Leidos That incident prompted at least three federal class action lawsuits which led to court settlements ppOfficials with school districts across the country that contract with BoardDocs including in Scottsdale Arizona and at the Illinois State Board of Education told The 74 they hadnt received notices about the incident ppAt this point in time we have no information on this topic Barth Paine the spokesperson for Californias Fremont Unified School District wrote to The 74 Please email us back if you have more details about our specific District We are now investigating this issueppGet stories like these delivered straight to your inbox Sign up for The 74 NewsletterppMark Keierleber is an investigative reporter at The 74ppWe want our stories to be shared as widely as possible for freeppPlease view The 74s republishing termsppBy Mark KeierleberppThis story first appeared at The 74 a nonprofit news site covering education Sign up for free newsletters from The 74 to get more like this in your inboxppBoardDocs a software tool used 
by thousands of school boards to track meeting minutes and store confidential information has suffered a data breach affecting districts nationally The 74 has learned Records at the center of the breach include confidential files protected by attorneyclient privilege and other sensitive data that school leaders intended to keep under wraps ppBoardDocs parent company Diligent Corporation acknowledged Tuesday the breach was national in scope only after reporting by The 74 confirmed its customers across the country were affected The BoardDocs software which allows school boards to disseminate agendas and other public documents to their communities while keeping other records private is used by some 5000 public sector entities in the US and Canada primarily public schools ppThe company declined to disclose the number of school districts that were affected after a glitch in its product erroneously published sensitive records to the web but said only about 1 of documents stored on BoardDocs or roughly 64000 files were exposedppCompany spokesperson Michele Steinmetz told The 74 Diligent began notifying all BoardDocs customers including those who were not directly affected on May 30 the same day The Philadelphia Inquirer published an investigation into a BoardDocs breach affecting the Lower Merion school district That instance appears to have been uncovered when plaintiffs in a legal case against the district came across privileged files while searching for public ones ppGet the most critical news and information about students rights safety and wellbeing delivered straight to your inboxppMultiple additional school districts that contract with BoardDocs however said they were unaware of the incident until they were contacted this week by The 74 and in several instances received confirmation of the breach from Diligent only after they reached out to the company directly to inquire about whether their own confidential records had been compromised ppIn an interview with The 
74 one customer called the glitch an improper misconfiguration of the vendors products An option to store records in a private folder within the districts broader public library could be misleading and people could think and rightfully so Anything I put in there is not publicly available when in fact it could be accessed by an unauthenticated userppThe official who spoke on the condition of anonymity because they werent authorized to discuss the BoardDocs situation or draw attention to their districts cybersecurity practices said their school system was not notified proactively about the fallibility that came to light in Lower MerionppIt was something that should not have been in place the official said The vendor should have been more clear and thoughtful and communicative around that configuration and the implications of itppNithya Das Diligents chief legal and chief administrative officer acknowledged the problem to The 74 saying Documents that were supposed to be set to private access were made accessible She declined to elaborate on the misconfiguration but said the company took immediate action to resolve the issue once it was discovered ppShe stressed that the confidential records had been made available on the BoardDocs platform only for a matter of a few months and existed only on that platform meaning that someone could not have gone onto their web browser and pulled up Google or Yahoo or something like that to find them pp I dont mean to downplay the situation but I do think its important to just keep in mind that it was extremely limited in terms of scope impact and duration Das said In order for these documents that were meant to be private to be publicly accessible you would actually have to go into the BoardDocs application and do a fairly specific searchppIts likely that some of the documents that may have been exposed would be those dealt with during school boards executive sessions where the law allows them to meet behind closed doors to discuss 
sensitive or privileged subjects These include personnel matters and employee disciplinary issues litigation involving plaintiffs often parents alleging wrongdoing union contract negotiations and pending real estate transactionsppInternal records from executive sessions were made publicly accessible in the Lower Merion breach according to the school districts lawyer A parent who came upon a trove of confidential memos told the Inquirer the discovery felt weird I was like Wait how am I reading thisppDenise Marshall chief executive officer of the nonprofit Council of Parent Attorneys and Advocates which works to protect the legal and civil rights of students with disabilities and their families said the breach was a great concern because school boards regularly discuss sensitive issues concerning these children Its unclear whether BoardDoc files related to special education services were compromisedppWe know of instances where families have been retaliated against because of information thats been shared and made public through one means or another from board meetings she said Its important that the school boards and of course BoardDocs take every effort to ensure that privacy is safeguarded ppThe vulnerability at BoardDocs is the latest example of how school districts reliance on thirdparty technology vendors for critical systems can introduce weaknesses and put sensitive information about students parents and educators at risk Last week 19yearold Matthew Lane pleaded guilty in Massachusetts federal court for his role in a recent cyberattack on education technology behemoth PowerSchool which led to a data breach exposing the personal information of millions of students parents and teachers globally The PowerSchool cyberattack and subsequent data breach has prompted dozens of lawsuits filed by parents students and school districts ppThe National School Boards Association which represents more than 90000 local school board members didnt respond to requests for comment 
from The 74 On social media in April the trade group gave a special shout out to BoardDocs for their generous support of the nonprofits 85th anniversary celebrationppBoardDocs doesnt list its fees on its website The New York State School Boards Association notes on its site that the tool is available for as little as 3000 per year and a onetime 1000 startup fee ppSchool cybersecurity expert Doug Levin cofounder and national director of the nonprofit K12 Security Information eXchange said the BoardDocs incident is a cautionary tale for both school districts and their vendors ppAny reasonable person if upon selecting a setting to private would presume that it would not be searchable Levin said I certainly dont fault anyone for taking a private setting at face valueppAfter a large urban school district quizzed the company about the news out of Lower Merion Diligent acknowledged in a notice obtained by The 74 that the districts private records could have been returned as part of a public search result if specific search terms were usedppOur investigation determined that your organizations BoardDocs site had documents in the accessible private folder MarKeith Allen Diligents chief customer officer wrote in an email to the district earlier this month ppThe record was provided to The 74 on the condition that the district not be named ppIn addition to a general notification to all its customers Das Diligents chief legal and chief administrative officer said that for customers we believed could have been impacted the company sent them a different communication obviously letting them know of that situation Das declined to provide copies of those communications to The 74 and said the company is not required to notify impacted individuals under any statelevel breach notification laws ppWe did also have a process of doing some direct outreach to impacted clients like picking up the telephone and calling them and so I guess I am surprised to hear that there might be clients who 
werent aware of the situation until you reached out said Das who noted the company does not plan to release a public statement about the breach The goal was not to try to hide the issue hereppAmy Buckman the Lower Merion school district spokesperson said in a statement that Diligent admitted there had been an error by their company in protecting confidential documents stored on their site and said immediate corrective action would be taken Still Buckman said the district put Diligent on notice that it would hold BoardDocs responsible for any damages resulting from the breachppThis isnt Diligents first time responding to a data breach involving sensitive information In 2022 the company suffered a cyberattack and subsequent breach involving a tool unrelated to its work with schools with affected customers including defense contractor Leidos That incident prompted at least three federal class action lawsuits which led to court settlements ppOfficials with school districts across the country that contract with BoardDocs including in Scottsdale Arizona and at the Illinois State Board of Education told The 74 they hadnt received notices about the incident ppAt this point in time we have no information on this topic Barth Paine the spokesperson for Californias Fremont Unified School District wrote to The 74 Please email us back if you have more details about our specific District We are now investigating this issueppCopyright 2025 The 74 Media Incp
ppAmericas Education News SourceppCopyright 2025 The 74 Media IncppBoardDocs a software tool used by thousands of school boards to track meeting minutes and store confidential information has suffered a data breach affecting districts nationally The 74 has learned Records at the center of the breach include confidential files protected by attorneyclient privilege and other sensitive data that school leaders intended to keep under wraps ppBoardDocs parent company Diligent Corporation acknowledged Tuesday the breach was national in scope only after reporting by The 74 confirmed its customers across the country were affected The BoardDocs software which allows school boards to disseminate agendas and other public documents to their communities while keeping other records private is used by some 5000 public sector entities in the US and Canada primarily public schools ppThe company declined to disclose the number of school districts that were affected after a glitch in its product erroneously published sensitive records to the web but said only about 1 of documents stored on BoardDocs or roughly 64000 files were exposedppCompany spokesperson Michele Steinmetz told The 74 Diligent began notifying all BoardDocs customers including those who were not directly affected on May 30 the same day The Philadelphia Inquirer published an investigation into a BoardDocs breach affecting the Lower Merion school district That instance appears to have been uncovered when plaintiffs in a legal case against the district came across privileged files while searching for public ones ppGet the most critical news and information about students rights safety and wellbeing delivered straight to your inboxppMultiple additional school districts that contract with BoardDocs however said they were unaware of the incident until they were contacted this week by The 74 and in several instances received confirmation of the breach from Diligent only after they reached out to the company directly to 
inquire about whether their own confidential records had been compromised ppIn an interview with The 74 one customer called the glitch an improper misconfiguration of the vendors products An option to store records in a private folder within the districts broader public library could be misleading and people could think and rightfully so Anything I put in there is not publicly available when in fact it could be accessed by an unauthenticated userppThe official who spoke on the condition of anonymity because they werent authorized to discuss the BoardDocs situation or draw attention to their districts cybersecurity practices said their school system was not notified proactively about the fallibility that came to light in Lower MerionppIt was something that should not have been in place the official said The vendor should have been more clear and thoughtful and communicative around that configuration and the implications of itppNithya Das Diligents chief legal and chief administrative officer acknowledged the problem to The 74 saying Documents that were supposed to be set to private access were made accessible She declined to elaborate on the misconfiguration but said the company took immediate action to resolve the issue once it was discovered ppShe stressed that the confidential records had been made available on the BoardDocs platform only for a matter of a few months and existed only on that platform meaning that someone could not have gone onto their web browser and pulled up Google or Yahoo or something like that to find them pp I dont mean to downplay the situation but I do think its important to just keep in mind that it was extremely limited in terms of scope impact and duration Das said In order for these documents that were meant to be private to be publicly accessible you would actually have to go into the BoardDocs application and do a fairly specific searchppIts likely that some of the documents that may have been exposed would be those dealt with 
during school boards executive sessions where the law allows them to meet behind closed doors to discuss sensitive or privileged subjects These include personnel matters and employee disciplinary issues litigation involving plaintiffs often parents alleging wrongdoing union contract negotiations and pending real estate transactionsppInternal records from executive sessions were made publicly accessible in the Lower Merion breach according to the school districts lawyer A parent who came upon a trove of confidential memos told the Inquirer the discovery felt weird I was like Wait how am I reading thisppDenise Marshall chief executive officer of the nonprofit Council of Parent Attorneys and Advocates which works to protect the legal and civil rights of students with disabilities and their families said the breach was a great concern because school boards regularly discuss sensitive issues concerning these children Its unclear whether BoardDoc files related to special education services were compromisedppWe know of instances where families have been retaliated against because of information thats been shared and made public through one means or another from board meetings she said Its important that the school boards and of course BoardDocs take every effort to ensure that privacy is safeguarded ppThe vulnerability at BoardDocs is the latest example of how school districts reliance on thirdparty technology vendors for critical systems can introduce weaknesses and put sensitive information about students parents and educators at risk Last week 19yearold Matthew Lane pleaded guilty in Massachusetts federal court for his role in a recent cyberattack on education technology behemoth PowerSchool which led to a data breach exposing the personal information of millions of students parents and teachers globally The PowerSchool cyberattack and subsequent data breach has prompted dozens of lawsuits filed by parents students and school districts ppThe National School Boards 
Association which represents more than 90000 local school board members didnt respond to requests for comment from The 74 On social media in April the trade group gave a special shout out to BoardDocs for their generous support of the nonprofits 85th anniversary celebrationppBoardDocs doesnt list its fees on its website The New York State School Boards Association notes on its site that the tool is available for as little as 3000 per year and a onetime 1000 startup fee ppSchool cybersecurity expert Doug Levin cofounder and national director of the nonprofit K12 Security Information eXchange said the BoardDocs incident is a cautionary tale for both school districts and their vendors ppAny reasonable person if upon selecting a setting to private would presume that it would not be searchable Levin said I certainly dont fault anyone for taking a private setting at face valueppAfter a large urban school district quizzed the company about the news out of Lower Merion Diligent acknowledged in a notice obtained by The 74 that the districts private records could have been returned as part of a public search result if specific search terms were usedppOur investigation determined that your organizations BoardDocs site had documents in the accessible private folder MarKeith Allen Diligents chief customer officer wrote in an email to the district earlier this month ppThe record was provided to The 74 on the condition that the district not be named ppIn addition to a general notification to all its customers Das Diligents chief legal and chief administrative officer said that for customers we believed could have been impacted the company sent them a different communication obviously letting them know of that situation Das declined to provide copies of those communications to The 74 and said the company is not required to notify impacted individuals under any statelevel breach notification laws ppWe did also have a process of doing some direct outreach to impacted clients like 
picking up the telephone and calling them and so I guess I am surprised to hear that there might be clients who werent aware of the situation until you reached out said Das who noted the company does not plan to release a public statement about the breach The goal was not to try to hide the issue hereppAmy Buckman the Lower Merion school district spokesperson said in a statement that Diligent admitted there had been an error by their company in protecting confidential documents stored on their site and said immediate corrective action would be taken Still Buckman said the district put Diligent on notice that it would hold BoardDocs responsible for any damages resulting from the breachppThis isnt Diligents first time responding to a data breach involving sensitive information In 2022 the company suffered a cyberattack and subsequent breach involving a tool unrelated to its work with schools with affected customers including defense contractor Leidos That incident prompted at least three federal class action lawsuits which led to court settlements ppOfficials with school districts across the country that contract with BoardDocs including in Scottsdale Arizona and at the Illinois State Board of Education told The 74 they hadnt received notices about the incident ppAt this point in time we have no information on this topic Barth Paine the spokesperson for Californias Fremont Unified School District wrote to The 74 Please email us back if you have more details about our specific District We are now investigating this issueppGet stories like these delivered straight to your inbox Sign up for The 74 NewsletterppMark Keierleber is an investigative reporter at The 74ppWe want our stories to be shared as widely as possible for freeppPlease view The 74s republishing termsppBy Mark KeierleberppThis story first appeared at The 74 a nonprofit news site covering education Sign up for free newsletters from The 74 to get more like this in your inboxppBoardDocs a software tool used 
by thousands of school boards to track meeting minutes and store confidential information has suffered a data breach affecting districts nationally The 74 has learned Records at the center of the breach include confidential files protected by attorneyclient privilege and other sensitive data that school leaders intended to keep under wraps ppBoardDocs parent company Diligent Corporation acknowledged Tuesday the breach was national in scope only after reporting by The 74 confirmed its customers across the country were affected The BoardDocs software which allows school boards to disseminate agendas and other public documents to their communities while keeping other records private is used by some 5000 public sector entities in the US and Canada primarily public schools ppThe company declined to disclose the number of school districts that were affected after a glitch in its product erroneously published sensitive records to the web but said only about 1 of documents stored on BoardDocs or roughly 64000 files were exposedppCompany spokesperson Michele Steinmetz told The 74 Diligent began notifying all BoardDocs customers including those who were not directly affected on May 30 the same day The Philadelphia Inquirer published an investigation into a BoardDocs breach affecting the Lower Merion school district That instance appears to have been uncovered when plaintiffs in a legal case against the district came across privileged files while searching for public ones ppGet the most critical news and information about students rights safety and wellbeing delivered straight to your inboxppMultiple additional school districts that contract with BoardDocs however said they were unaware of the incident until they were contacted this week by The 74 and in several instances received confirmation of the breach from Diligent only after they reached out to the company directly to inquire about whether their own confidential records had been compromised ppIn an interview with The 
74 one customer called the glitch an improper misconfiguration of the vendors products An option to store records in a private folder within the districts broader public library could be misleading and people could think and rightfully so Anything I put in there is not publicly available when in fact it could be accessed by an unauthenticated userppThe official who spoke on the condition of anonymity because they werent authorized to discuss the BoardDocs situation or draw attention to their districts cybersecurity practices said their school system was not notified proactively about the fallibility that came to light in Lower MerionppIt was something that should not have been in place the official said The vendor should have been more clear and thoughtful and communicative around that configuration and the implications of itppNithya Das Diligents chief legal and chief administrative officer acknowledged the problem to The 74 saying Documents that were supposed to be set to private access were made accessible She declined to elaborate on the misconfiguration but said the company took immediate action to resolve the issue once it was discovered ppShe stressed that the confidential records had been made available on the BoardDocs platform only for a matter of a few months and existed only on that platform meaning that someone could not have gone onto their web browser and pulled up Google or Yahoo or something like that to find them pp I dont mean to downplay the situation but I do think its important to just keep in mind that it was extremely limited in terms of scope impact and duration Das said In order for these documents that were meant to be private to be publicly accessible you would actually have to go into the BoardDocs application and do a fairly specific searchppIts likely that some of the documents that may have been exposed would be those dealt with during school boards executive sessions where the law allows them to meet behind closed doors to discuss 
sensitive or privileged subjects. These include personnel matters and employee disciplinary issues, litigation involving plaintiffs (often parents) alleging wrongdoing, union contract negotiations and pending real estate transactions.

Internal records from executive sessions were made publicly accessible in the Lower Merion breach, according to the school district's lawyer. A parent who came upon a trove of confidential memos told the Inquirer the discovery felt weird. "I was like, 'Wait, how am I reading this?'"

Denise Marshall, chief executive officer of the nonprofit Council of Parent Attorneys and Advocates, which works to protect the legal and civil rights of students with disabilities and their families, said the breach was a great concern because school boards regularly discuss sensitive issues concerning these children. It's unclear whether BoardDocs files related to special education services were compromised.

"We know of instances where families have been retaliated against because of information that's been shared and made public through one means or another from board meetings," she said. "It's important that the school boards, and of course BoardDocs, take every effort to ensure that privacy is safeguarded."

The vulnerability at BoardDocs is the latest example of how school districts' reliance on third-party technology vendors for critical systems can introduce weaknesses and put sensitive information about students, parents and educators at risk. Last week, 19-year-old Matthew Lane pleaded guilty in Massachusetts federal court for his role in a recent cyberattack on education technology behemoth PowerSchool, which led to a data breach exposing the personal information of millions of students, parents and teachers globally. The PowerSchool cyberattack and subsequent data breach has prompted dozens of lawsuits filed by parents, students and school districts.

The National School Boards Association, which represents more than 90,000 local school board members, didn't respond to requests for comment
from The 74. On social media in April, the trade group gave a special shout out to BoardDocs for their generous support of the nonprofit's 85th anniversary celebration.

BoardDocs doesn't list its fees on its website. The New York State School Boards Association notes on its site that the tool is available for as little as $3,000 per year and a one-time $1,000 startup fee.

School cybersecurity expert Doug Levin, co-founder and national director of the nonprofit K12 Security Information eXchange, said the BoardDocs incident is a cautionary tale for both school districts and their vendors.

"Any reasonable person, if upon selecting a setting to private, would presume that it would not be searchable," Levin said. "I certainly don't fault anyone for taking a private setting at face value."

After a large urban school district quizzed the company about the news out of Lower Merion, Diligent acknowledged in a notice obtained by The 74 that the district's private records could have been returned as part of a public search result if specific search terms were used.

"Our investigation determined that your organization's BoardDocs site had documents in the accessible private folder," MarKeith Allen, Diligent's chief customer officer, wrote in an email to the district earlier this month.

The record was provided to The 74 on the condition that the district not be named.

In addition to a general notification to all its customers, Das, Diligent's chief legal and chief administrative officer, said that for customers "we believed could have been impacted," the company sent them "a different communication, obviously letting them know of that situation." Das declined to provide copies of those communications to The 74 and said the company is not required to notify impacted individuals under any state-level breach notification laws.

"We did also have a process of doing some direct outreach to impacted clients, like picking up the telephone and calling them, and so I guess I am surprised to hear that there might be clients who weren't aware of the situation until you reached out," said Das, who noted the company does not plan to release a public statement about the breach. "The goal was not to try to hide the issue here."

Amy Buckman, the Lower Merion school district spokesperson, said in a statement that Diligent admitted there had been an error by their company in protecting confidential documents stored on their site and said immediate corrective action would be taken. Still, Buckman said, the district put Diligent on notice that it would hold BoardDocs responsible for any damages resulting from the breach.

This isn't Diligent's first time responding to a data breach involving sensitive information. In 2022, the company suffered a cyberattack and subsequent breach involving a tool unrelated to its work with schools, with affected customers including defense contractor Leidos. That incident prompted at least three federal class action lawsuits, which led to court settlements.

Officials with school districts across the country that contract with BoardDocs, including in Scottsdale, Arizona, and at the Illinois State Board of Education, told The 74 they hadn't received notices about the incident.

"At this point in time, we have no information on this topic," Barth Paine, the spokesperson for California's Fremont Unified School District, wrote to The 74. "Please email us back if you have more details about our specific District. We are now investigating this issue."