Navigator Children

An open API endpoint at the Navigator Children educational platform led to the exposure of sensitive personal information in 2021. The breach involved approximately 50000 unique records belonging to teachers, students, and parents. The exposed data included full names, dates of birth, contact details, and government identification numbers such as SNILS. This incident highlights significant security flaws in the services data protection mechanisms, as the information was accessible without proper authentication due to a misconfigured endpoint.