P3 Campus and its partner programs like Safe2Say Something PA, Safe2Tell, and Sandy Hook Promise were supposed to provide secure and anonymous ability to report tips.

Promises of security and anonymity do not appear to have been kept. A hacker claims it was easy to gain access and repeatedly access the database to acquire more than 8 million tips.

There is not much anonymous about what I reviewed in the dataset.

Many of the school-related tips I reviewed reported concerns over named students with suicidal ideation or cutting, students being bullied or bullying others, and drugs (mostly vaping) in school. Some students reported cybercriminal activity.

Navigate360, the parent company of P3, still hasn't publicly acknowledged that it was breached and that sensitive information was involved. Their lack of transparency was noted by @douglevin

The dataset has not been leaked publicly, but the "Internet Yiff Machine" who provided it to #ddosecrets and @mikaelthalen -- and then to me -- has listed it for sale.

My focus in this post was on the student/school -related tips, but the 93.51 GB dataset has millions of tips that include adult issues and crimes, including drugs, homicide, assaults, etc. I provide one or two examples from the non-student tips to illustrate how sensitive the tips are in this dataset.

This may be the worst breach I've ever seen involving sensitive student information, and I've seen many student-related data breaches over the past two decades.

Read: "P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next.'" at https://databreaches.net/2026/04/16/p3-advertised-20-years-and-0-security-breaches-you-can-guess-what-happened-next/

#BlueLeaks2 #DDoSecrets #databreach #P3Campus #P3Tips #Navigate360 #CrimeStoppers #Safety #Safe2tell #InternetYiffMachine

@zackwhittaker @campuscodi @jgreig @euroinfosec @funnymonkey @mkeierleber