Jump to content
  • Stanford University discloses data breach affecting PhD applicants

    alf9872000

    • 400 views
    • 3 minutes
     Share


    • 400 views
    • 3 minutes

    Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.

     

    Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization.

     

    "On January 24, 2023, Stanford was notified that a folder containing the 2022-23 application files for admission to Stanford's Department of Economics' Ph.D. program was available through the department's website because of a misconfiguration of the folder's settings," the university told affected individuals.

     

    "We promptly investigated this matter, which revealed that the unrestricted access to the applications began on December 5, 2022, and that there were two downloads of the application materials between December 5, 2022, and January 24, 2023."

     

    The information exposed as a result of this breach comprises application and accompanying materials, including names, dates of birth, home and mailing addresses, phone numbers, email addresses, race and ethnicity, citizenship, and gender.

     

    "The incident does not involve programs at Stanford other than the PhD program in Economics. It also does not involve undergraduate applications to the university," the university said in a separate statement on its website.

    Financial and social security info not exposed

    Some materials submitted during the Ph.D. application process also included applicants' health information. Social Security Numbers and financial data were not exposed during the incident because application files did not contain this type of data.

     

    Stanford immediately blocked access to the files once it found out about the accidental exposure. At the moment, the university said that it found no evidence that the downloaded information has been misused.

     

    "The confidentiality, privacy, and security of personal information are among our highest priorities, and we have security measures in place to protect this type of information," Stanford added.

     

    "In response to this incident, we are updating our processes and policies related to electronic file storage security and will be retraining faculty and staff on the policies."

     

    This incident follows an April 2021 data breach disclosed after the Clop ransomware group leaked documents stolen from Stanford School of Medicine's Accellion File Transfer Appliance (FTA) platform.

     

    Data published online by the Clop cybercrime gang after the 2021 attack included names, addresses, email addresses, Social Security numbers, and financial information.

     

    A Stanford spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...