Sophos: US students exposed to risk of identity fraud
August 2008 by Sophos
IT security and control firm Sophos is today reminding organisations of the importance of data protection following media reports that more than 100,000 student records were accidentally made available online. The security blunder by The Princeton Review, an educational support services provider, is believed to have happened as a result of the company changing internet providers earlier this year, exposing the confidential data for seven weeks.
The Princeton Review’s publicly accessible and searchable website exposed the dates of birth and names of 74,000 students in Virginia. In addition, another file revealed the dates of birth, test scores and ethnicity of 34,000 students in Florida, after the county hired The Princeton Review to measure academic progress.
“We should all be grateful that The Princeton Review has taken action over this data breach, but it should never have happened in the first place,” said Graham Cluley, senior technology consultant for Sophos. “The information should have been held securely, and identifying data such as names and full dates of birth should have been wiped from the files.”
The data breach was discovered and exposed by a competitor of The Princeton Review as it conducted competitive intelligence.
“If you need any encouragement to make sure that your house is in order and your data secure, and the threat of identity thieves isn’t enough for you, then maybe the thought that a business rival might take your blunder to the press will do it,” continued Cluley.