Wednesday, August 20, 2008

Data on 100,000 Exposed on Princeton Site

This is almost laughable but in a sad way. Due to avoidable configuration flaws, the Princeton Review web site exposed the personal information of 100,000 students from Florida and Virginia.

The story was reported in The New York Times on Monday with more details in Computer World the next day.

The data, which included names, birth dates, ethnicities, learning disabilities and test scores for the students was accessible for seven weeks. The breach was discovered by a competing test company, which alerted the Times.

This could have been avoided if there were access controls to the sensitive data on the site. The solution was simple to a breach -- though not really enormous in size -- was enormous in impact and embarrassment to the Princeton Review.


Post a Comment

<< Home