Home » Update on Raptor Technologies Data Vulnerability Issue

Update on Raptor Technologies Data Vulnerability Issue

Posted on February 15, 2024

This is a follow up on the notice sent on Jan. 12 regarding the data vulnerability that involved specific cloud-hosted data related to our Emergency Management software with Raptor Technologies.

Once Raptor learned of the vulnerability, they took action to secure, remediate, and investigate, and worked with APS Safety, Security & Emergency Management (SSEM) and Information Services (IS) to fully review the incident.

Raptor Technologies determined that the security vulnerability for APS was isolated to the Emergency Management database. While information was vulnerable, there is no indication that APS student or staff information, or emergency management documents, have been accessed or misused. The personal information within the Volunteer and Visitor Management systems, such as driver’s license information, was not affected.

APS continues to work with Raptor to monitor progress on their remediation efforts and security enhancements to protect our data.

Raptor Update FAQ

What Personal Information was Involved?

We share the first and last name of every student and staff, and the unique APS identification numbers, with Raptor Technologies for the Emergency Management software. At this time, there is no indication that the names of students and staff and the APS identification numbers were exploited by third parties.

The personal information of visitors and volunteers, such as driver’s license data, within the Volunteer and Visitor Management software was not affected by this incident.

What Emergency Management Information was Involved?

We use the Emergency Management software to monitor and log emergency preparedness activities, like drills and training exercises. We also use this software as a document library to share emergency operations plans and procedures. This information was vulnerable. However, Raptor Technologies conducted a comprehensive internet search to identify if the data had been acquired by malicious actors. Currently, there is no evidence of any malicious access or use of the data.

What are the next steps?

APS is working with Raptor to ensure that our information within the system is secure. Raptor will continue to conduct active monitoring of the data that was accessible for a limited amount of time. The vendor will also provide regular updates on progress and remediation efforts and make enhancements to their security protocols.