In this section

• Home
• Press office
• News archive
• Articles
• 2008
• 08

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

19 August 2008

Confidential school records made available online, Sophos reports US students exposed to risk of identity fraud

Confidential student records were available via the internet.

IT security and control firm Sophos is today reminding organizations of the importance of data protection following media reports that more than 100,000 student records were accidentally made available online.  The security blunder by The Princeton Review, an educational support services provider, is believed to have happened as a result of the company changing internet providers earlier this year, exposing the confidential data for seven weeks.

The Princeton Review's publicly accessible and searchable website exposed the dates of birth and names of 74,000 students in Virginia.  In addition, another file revealed the dates of birth, test scores and ethnicity of 34,000 students in Florida, after the county hired The Princeton Review to measure academic progress.

"We should all be grateful that The Princeton Review has taken action over this data breach, but it should never have happened in the first place," said Graham Cluley, senior technology consultant for Sophos.  "The information should have been held securely, and identifying data such as names and full dates of birth should have been wiped from the files."

The data breach was discovered and exposed by a competitor of The Princeton Review as it conducted competitive intelligence.

"If you need any encouragement to make sure that your house is in order and your data secure, and the threat of identity thieves isn't enough for you, then maybe the thought that a business rival might take your blunder to the press will do it," continued Cluley.

• Read Graham Cluley's blog to learn more about the incident

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

Download now
Sophos Security Threat Report 2009

• USA number 1 for malware and spam
• Huge surge in email attachment attacks
• Scareware makes users buy bogus products

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Student data leaked to internet by P2P file-sharing software
• Facebook privacy breach exposed users' hidden dates of birth
• Millions of British families at risk of identity theft after HMRC data loss
• Read Graham Cluley's blog