BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

FL: Student Files Are Exposed on Web Site

From: lyger <lyger () attrition org>
Date: Tue, 19 Aug 2008 11:31:16 +0000 (UTC)

http://www.nytimes.com/2008/08/19/technology/19review.html?_r=1&ref=technology&oref=slogin

The Princeton Review, the test-preparatory firm, accidentally published 
the personal data and standardized test scores of tens of thousands of 
Florida students on its Web site, where they were available for seven 
weeks.

A flaw in configuring the site allowed anyone to type in a relatively 
simple Web address and have unfettered access to hundreds of files on the 
company's computer network, including educational materials and internal 
communications.

Another test-preparatory company said it stumbled on the files while doing 
competitive research. This company provided The New York Times with the 
Web address of the internal files on the condition that it not be named. 
The Times informed the Princeton Review of the problem on Monday, and the 
company promptly shut off access to that portion of its site.

One file on the site contained information on about 34,000 students in the 
public schools in Sarasota, Fla., where the Princeton Review was hired to 
build an online tool to help the county measure students. academic 
progress. The file included the students' birthdays and ethnicities, 
whether they had learning disabilities, whether English was their second 
language, and their level of performance on the Florida Comprehensive 
Assessment Test, which is given to students in grades 3 to 11.

Another folder contained dozens of files with names and birth dates for 
74,000 students in the school system of Fairfax County, Va., which had 
hired the Princeton Review to measure and improve student performance.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Previous By Date Next
Previous By Thread Next

Current thread: