Exclusive: Bug in student admissions website exposed children's personal information
TechCrunch
by Zack WhittakerFebruary 19, 2026
AI-Generated Deep Dive Summary
An alarming security vulnerability in Ravenna Hub, a widely used student admissions website, has been exposed. The platform, which allows parents to apply and track their children’s school applications across thousands of schools, had a critical flaw that permitted any logged-in user to access sensitive personal data of other users, including their children. This included names, dates of birth, addresses, photographs, sibling details, email addresses, phone numbers, and other identifiable information about students and parents. The vulnerability was first reported by TechCrunch, which alerted the company on Wednesday.
The bug, known as an insecure direct object reference (IDOR), allowed users to manipulate profile IDs in their web browsers to view data belonging to other students. Since Ravenna Hub assigns sequential student numbers, it was possible for any user to access another student’s records by incrementing or altering the ID in the URL. TechCrunch demonstrated this issue by creating a test account and discovering over 1.63 million accessible profiles. Florida-based VenturEd Solutions, which develops and maintains Ravenna Hub, swiftly fixed the bug on the same day but did not commit to notifying users about the breach or investigating potential unauthorized access.
This incident highlights a concerning lack of oversight in cybersecurity practices. While VenturEd CEO Nick Laird confirmed that the company replicated and addressed the issue, he declined to provide details on whether user notifications would occur or if Ravenna Hub undergoes third-party security audits. The absence of clear answers raises questions about the platform’s commitment to protecting sensitive data. Such vulnerabilities not only compromise personal information but also erode trust in educational technology platforms relied upon by millions of families.
The exposure of children’s and parents’ personal data underscores the critical need for robust cybersecurity measures in online education tools. While Ravenna Hub serves over a million students annually, handling vast amounts of sensitive information requires stringent security protocols to prevent similar lapses. The IDOR flaw is a common yet serious issue that often results from inadequate security controls during software development. This case joins a growing list of incidents where simple yet severe security oversights have led to the unauthorized exposure of personal data.
For readers interested in tech and cybersecurity, this story emphasizes the importance of vigilance in securing digital platforms, especially those handling sensitive information like education records. As online tools become more integral to school admissions processes, ensuring
Verticals
techstartups
Originally published on TechCrunch on 2/19/2026