Stanford University has revealed that it experienced a data breach during which confidential files containing admission information for its Economics Ph.D. program were downloaded from its website. The breach occurred between December 2022 and January 2023. Last week, the university sent letters notifying 897 individuals who submitted personal and health information as part of their graduate application to the Department of Economics, that their data was accessed without authorization.
The university explained that on January 24, 2023, it was alerted that a folder containing the 2022-23 application files for the Department of Economics’ Ph.D. program was accessible through a misconfiguration of the folder’s settings. After investigation, it was revealed that unrestricted access to the applications began on December 5, 2022, and that two downloads of the application materials occurred between December 5, 2022, and January 24, 2023.
The information exposed in the breach includes names, dates of birth, home and mailing addresses, phone numbers, email addresses, race and ethnicity, citizenship, and gender. Stanford University has stated that the incident does not involve any programs at Stanford other than the PhD program in Economics and that it does not include undergraduate applications to the university.
Financial and social security info not exposed
Stanford University has revealed that its website was breached between December 2022 and January 2023, resulting in unauthorized access to files containing admission information for its Economics Ph.D. program. The university sent notifications to 897 individuals whose personal and health information was accessed without authorization.
The exposed information includes applicants’ names, dates of birth, home and mailing addresses, phone numbers, email addresses, race and ethnicity, citizenship, and gender. However, Social Security Numbers and financial data were not exposed because the application files did not contain this type of information. Stanford took immediate action to block access to the files and has found no evidence of misuse of the downloaded information. The university has also updated its policies and processes related to electronic file storage security and will be retraining faculty and staff on the policies.
This incident comes after a 2021 data breach where documents were stolen from Stanford School of Medicine’s Accellion File Transfer Appliance platform and leaked by the Clop ransomware group.
Go to Source
Author: Sergiu Gatlan
