IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

CONTRIBUTOR: Robert Charette

Government Inc.

IT Project Failure

KrebsonSecurity

WSJ Health Blog

BLOGS // The Risk Factor

Student Records Exposed on Web

POSTED BY: Robert Charette / Tue, August 19, 2008

The New York Times this morning reports that the test-preparatory company The Princeton Review accidentally published students' personal data and standardized test scores on its website. Information on at least 34,000 Florida students and 74,000 Virginia students was supposedly readily available to anyone accessing the company's website.

The information, which had been up for at least seven weeks, was found by a firm doing competitive research on The Princeton Review. It told the New York Times, who then contacted The Princeton Review, who immediately cut off access.

It appears that a site configuration flaw allowed "access to hundreds of files on the companyâ''s computer network, including educational materials and internal communications," according to the Times.

The Times said, "In addition to the information on students, the site contained the Princeton Reviewâ''s educational materials for the LSAT, PSAT and SAT exams, course schedules, an internal analysis of the effectiveness of the companyâ''s instructors, and the entire texts of some Princeton Review books, like the 2008 edition of 'Cracking the LSAT.' "

I wonder how much information was downloaded by the firm doing competitive analysis before it informed the Times about the security hole. I also wonder if any students found the hole, and also helped themselves to old exams and study guides.

TAGS: privacy // security

Comment FAQ Comment Policy

Master Bond: How to Evaluate Chemically Resistant Adhesives

IBM Video: Informix TimeSeries

IBM Webcast: Smart Metering Solutions Gain Competitive Edge

IBM Webcast: The Hidden Challenge in Meter Data Management: What You Don’t Know Will Hurt You!

APC: Estimating a Data Center’s Electrical Carbon Footprint

APC: Fundamental Principles of Network Security

APC: How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Costs

APC: Classification of Data Center Management Software Tools

APC: Implementing Energy Efficient Data Centers

APC: Electrical Efficiency Measurement for Data Centers

Nimbic: Achieving Maxwell‐accurate Electromagnetic Integrity in Chip‐Package‐System Design

IBM: Rational Team Concert Data Sheet

IBM: Fostering innovation and efficiency through collaborative change management

IBM: Collaborative software delivery: Managing today’s complex environment to improve software quality.

IBM: Rational Solution for Collaborative Lifecycle Management

IBM: Requirements, quality and test management e-Kit

IBM: Accelerate quality with automation

IBM: Quality management across the product and service lifecycle

IBM: Deliver high quality applications faster with reduced risk and cost

IBM: Driving systems engineering value through trade studies

IBM: Enabling software reuse using successful component-based development practices.

IBM: Delivering a smarter planet: an exploration of systems of systems

IBM Rational solutions for smarter government services

IBM: Enabling the delivery of high-quality financial products and services

IBM: Systems Eng - The foundation for success in complex systems development

IBM: Turning Product Development into Competitive Advantage

IBM Informix TimeSeries: Benchmark Testing Demonstrates Unprecedented Performance and Scalability for Meter Data Management

IBM: Build Smart Metering Solutions with IBM Informix TimeSeries

COMSOL: Drastically Improve Compute-Intense Applications in the SuperComputing Cloud