Personal information of almost 100, 000 people exposed through flaw on site for transcripts

[InfoSec News <alerts () infosecnews org>]

http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/personal-information-of-almost-100000-people-exposed-through-flaw-on-site-for-transcripts/

By Ashkan Soltani, Julie Tate and Ellen Nakashima
The Washington Post
October 21, 2014

The personal information of almost 100,000 people seeking their high 
school transcripts was recently exposed on a Web site that helps students 
obtain their records.

The site, NeedMyTranscript.com, facilitates requests from all 50 states 
and covers more than 18,000 high schools around the country, according to 
its Web site and company chief executive officer.

The data included names, addresses, e-mail addresses, phone numbers, dates 
of birth, mothers' maiden names and the last four digits of the users' 
Social Security numbers. Although there is no evidence the data were 
stolen, privacy advocates say the availability of such basic personal 
information heightens the risk of identity theft.

The availability of the data appears to be the result of a flaw in the way 
the two-year-old site was designed. It highlights how easily sensitive 
personal information can be exposed with the proliferation of online 
businesses and services - many of which do not employ adequate security 
practices.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/