Stanford University revealed a data breach after files containing a doctorate in economics. program admission information was downloaded from its website between December 2022 and January 2023.

Last week, the university sent data breach notification letters to those who have submitted personal and health information as part of the graduate school application to its economics department, notifying them that their information has been accessed without permission.

“On January 24, 2023, Stanford was notified that a package containing the 2022-23 application files for admission to the Stanford Department of Economics PhD program was available on the department’s website due to a misconfiguration of folder settings,” the university told those affected.

“We promptly investigated this matter, which revealed that unlimited app access began on December 5, 2022 and that there were two downloads of the application materials between December 5, 2022 and January 24, 2023. “

Information exposed as a result of this breach includes the application and accompanying documents, including names, dates of birth, mailing and home addresses, phone numbers, email addresses, race and ethnicity, citizenship, and gender. .

Unexposed financial and social security information

Some materials submitted during the Ph.D. the application process also included applicants’ health information. Social security numbers and financial data were not exposed during the incident because the application files did not contain this type of data.

Stanford immediately blocked access to the files once it discovered the accidental exposure. At this time, the university said it has found no evidence the uploaded information has been misused.

“The privacy, confidentiality, and security of personal information are among our highest priorities, and we have security measures in place to protect this type of information,” Stanford added.

“In response to this incident, we are updating our processes and policies related to electronic file storage security and will re-train faculty and staff on the policies.”

This incident follows a April 2021 data breach leaked after ransomware group Clop leaked stolen documents from Stanford School of Medicine’s Accellion File Transfer Appliance (FTA) platform.

Data posted online by the Clop cybercrime gang after the 2021 attack included names, addresses, email addresses, social security numbers and financial information.

A Stanford spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.



Source link