After a recent upgrade to their backup systems, a configuration error exposed some of the company’s backup files. A well-known computer security researcher who has led sessions at the RSA security conference had spent several hours doing targeted analysis of Schoolzilla’s data systems when he uncovered the vulnerability. As soon as the vendor learned of the problem, on the morning of Wednesday, April 5, they immediately: (1) corrected the security configuration; (2) confirmed from a review of our logs that only the one researcher had accessed that data; and (3) ensured, via a sworn affidavit, that the researcher deleted the files and had not transferred or shared them with anyone else.