Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line

Summary

Senators Hassan and Banks sent a letter to Navigate360 demanding answers after hackers claimed to breach the company's P3 Global Intel tip line and steal 93 gigabytes of sensitive student data. The incident raises concerns about the platform's anonymity protections, as personally identifiable information was allegedly released despite the service being marketed as anonymous. Navigate360 serves over 30,000 schools and 5,000 public safety agencies, making the breach a significant threat to school safety reporting systems.

Full text

A bipartisan pair of senators want a company that operates a tip line for anonymously reporting school safety concerns to answer questions about hackers compromising sensitive student information. Sens. Maggie Hassan, D-N.H., and Jim Banks, R-Ind., announced on Monday they’d sent a letter to the firm, Navigate360, about last month’s incident. “We write to express significant concern about the risks to students, staff, and schools from a recent cyberattack on your company’s P3 Global Intel tip line,” they said in the April 24 letter. “We are particularly concerned by reports that the cyberattack exploited platform vulnerabilities in order to steal students’ highly sensitive personally identifiable information. We urge you to provide the public clarity regarding what data was stolen, how Navigate360 is responding, and what safeguards Navigate360 will put into place to prevent this from happening again.” According to the company, more than 30,000 schools and 5,000 public safety agencies use Navigate360’s products. Hackers claimed to purloin 93 gigabytes of data from the firm. “Your company markets its product as an anonymous tip line,” Hassan and Banks said. “However, the personally identifiable information recently released by the hackers suggests otherwise. This puts the safety of students at risk and undermines public trust in using such platforms to report suspicious activity. Education and school safety experts have expressed concerns that, without guaranteed anonymity, students will choose not to report safety concerns.” At the time of the alleged breach, Navigate360 CEO JP Guilbault said the company was working to determine if there was an incident and if there was, its extent. He did not confirm that sensitive information was released. The company did not immediately respond to a request for comment on the senators’ letter Monday. A whopping 82% of K-12 schools said they experienced a cyber incident between July 2023 and December 2024, according to a report from the Center for Internet Security. The scale of cyberattacks on schools expanded during COVID-19. Hackers seeking student information usually have a financial motive, such as holding the information for ransom. The hackers in the Navigate360 case were apparently motivated by hacktivism. “Remember folks, don’t do the dirty work for the pigs,” they wrote. “Investigating crime is their job, not yours. They don’t care about you, they want convictions and prisoners to fuel the for-profit prisons.” Hassan and Banks’ specific questions for Navigate360 included inquiries about its cybersecurity practices, what data was compromised, whether the tip line is fully anonymous and what kind of help the company has provided to school districts. Share Facebook LinkedIn Twitter Copy Link

Indicators of Compromise

• malware — Navigate360 P3 Global Intel platform breach

Entities