Possible disclosure of the names of children to other relatives in a setting.
Up until 10:45 on 21 September, on the updated version of Tapestry, logged-in relatives with active accounts could, in restricted circumstances, see the names, groups and small profile photographs of other children in the setting.
What could they see?
For children in the same setting as a relative:
* The names of other children
* Small profile photos of other children
* The groups that other children were members of
What could they NOT see?
* Any further information about the children (for instance, they could not see observations or pictures relating to the child, or any contact details)
* Anything about children in other settings
Who could see this?
* Relatives using the updated version of the Tapestry website (https://tapestryjournal.com)
Who could NOT see this?
* The public
* Inactive relatives
* Relatives at other settings
* Relatives on the original version of Tapestry (https://eylj.org)
* Relatives using the Tapestry apps.
How could they see this?
Relatives who logged into the updated version of the Tapestry website would not have seen this information in their routine use of Tapestry.
However, if they were exploring menu items when making an observation, the information was available.
How long could they see this for?
The fault existed from the time that a setting moved to the updated version of Tapestry until 10:45am on 21 September 2016. The longest period will have been 37 days. The majority of our customers have not moved, and will therefore not have been affected.
If you log into your setting using https://tapestryjournal.com then you are on the updated version of Tapestry. If you log into your setting using https://eylj.org then you are not.
What are we doing as a result of this?
We take the security of your data very seriously and are very sorry that this disclosure occurred. We are reviewing our procedures, particularly around the way we test new features.
How can I discuss this further?
If you would like to discuss any aspect of this, please contact us at firstname.lastname@example.org
We are grateful for the prompt action of the relative who discovered the fault in reporting it to the nursery, and for the prompt action of the nursery in reporting it to us.