Senators Demand Answers from Navigate360 After Cyberattack Exposes Student Data

U.S. Senators Maggie Hassan, D-N.H., and Jim Banks, R-Ind., have sent a formal letter to Navigate360, a company that operates an anonymous tip line for reporting school safety concerns, demanding answers about a recent cyberattack that compromised sensitive student information.

The letter, dated April 24, expresses "significant concern" about the risks posed to students, staff, and schools following the breach. The senators highlighted reports that the attack exploited vulnerabilities in Navigate360’s P3 Global Intel tip line to steal highly sensitive personally identifiable information (PII) from students.

“We write to express significant concern about the risks to students, staff, and schools from a recent cyberattack on your company’s P3 Global Intel tip line. We are particularly concerned by reports that the cyberattack exploited platform vulnerabilities in order to steal students’ highly sensitive personally identifiable information. We urge you to provide the public clarity regarding what data was stolen, how Navigate360 is responding, and what safeguards Navigate360 will put into place to prevent this from happening again.”

Navigate360 serves over 30,000 schools and 5,000 public safety agencies with its products. Hackers claimed to have stolen 93 gigabytes of data from the company during the breach.

The senators also raised concerns about the integrity of Navigate360’s anonymous tip line, stating:

“Your company markets its product as an anonymous tip line. However, the personally identifiable information recently released by the hackers suggests otherwise. This puts the safety of students at risk and undermines public trust in using such platforms to report suspicious activity. Education and school safety experts have expressed concerns that, without guaranteed anonymity, students will choose not to report safety concerns.”

At the time of the alleged breach, Navigate360 CEO JP Guilbault stated that the company was investigating whether an incident occurred and, if so, its scope. He did not confirm whether sensitive student data was exposed. The company has not yet responded to requests for comment regarding the senators’ letter.

The cyberattack on Navigate360 comes amid a surge in cyber incidents targeting K-12 schools. According to a report by the Center for Internet Security, 82% of K-12 schools reported experiencing a cyber incident between July 2023 and December 2024. The frequency and scale of such attacks have increased since the COVID-19 pandemic, with hackers often seeking student data for financial gain, such as ransom demands.

In this case, however, the hackers appeared to be motivated by hacktivism. They left a message stating:

“Remember folks, don’t do the dirty work for the pigs. Investigating crime is their job, not yours. They don’t care about you, they want convictions and prisoners to fuel the for-profit prisons.”

The senators’ letter to Navigate360 includes several key questions:

• What cybersecurity practices does the company have in place?
• What specific data was compromised in the breach?
• Is the tip line truly anonymous?
• What assistance has Navigate360 provided to affected school districts?