Confidential student records were available via the internet.
IT security and control firm Sophos is today reminding
organizations of the importance of data protection following
media
reports that more than 100,000 student records were
accidentally made available online. The security blunder by The
Princeton Review, an educational support services provider, is
believed to have happened as a result of the company changing
internet providers earlier this year, exposing the confidential
data for seven weeks.
The Princeton Review's publicly accessible and searchable
website exposed the dates of birth and names of 74,000 students in
Virginia. In addition, another file revealed the dates of birth,
test scores and ethnicity of 34,000 students in Florida, after the
county hired The Princeton Review to measure academic progress.
"We should all be grateful that The Princeton Review has taken
action over this data breach, but it should never have happened in
the first place," said Graham Cluley, senior
technology consultant for Sophos. "The information should have
been held securely, and identifying data such as names and full
dates of birth should have been wiped from the files."
The data breach was discovered and exposed by a competitor of
The Princeton Review as it conducted competitive intelligence.
"If you need any encouragement to make sure that your house is
in order and your data secure, and the threat of identity thieves
isn't enough for you, then maybe the thought that a business rival
might take your blunder to the press will do it," continued
Cluley.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.