A coding error in BoardDocs, a software platform used by over 5,000 public entities across the U.S. and Canada to manage school board documents, may have left up to 64,000 confidential files vulnerable for months.
The issue stemmed from a “misconfiguration” that allowed documents marked as “private” to be accessed through the platform’s in-app search, according to Diligent Corporation (Diligent), BoardDocs’ parent company. [The 74]
Why it Matters
Many school districts rely on BoardDocs to manage and share materials related to governance, including sensitive internal documents meant to remain confidential, such as legal memos, personnel matters, and executive session records. The exposure raises concerns about how securely edtech vendors are handling sensitive data.
One district, Lower Merion in Pennsylvania, discovered the issue when confidential documents were accessed during a lawsuit. [Education Week, subscription model; The Philadelphia Inquirer, subscription model]
What’s Next
Diligent said it fixed the issue and began notifying clients on May 30, but some districts only learned of the problem through journalists and had to contact the company directly for confirmation
In response, security experts urge school districts to strengthen contract language with vendors to ensure timely incident reporting and regular software security reviews. As schools become increasingly reliant on third-party platforms, this incident underscores that privacy protections must be proactive and shared, and that even small technical oversights can carry major consequences.
This article is sourced from Whiteboard Notes, our weekly newsletter of the latest education policy and industry news read by thousands of education leaders, investors, grantmakers, and entrepreneurs. Subscribe here.
