Between December 2022 and January 2023, Stanford University experienced a data breach in which files containing admission information for the Economics Ph.D. program were downloaded from its website without authorization.
The University recently sent notification letters to 897 individuals who had submitted personal and health information as part of their graduate application to the Department of Economics, alerting them that their information had been accessed without authorization during the data breach.
The University told the applicants that, on January 24, 2023, they were informed that a folder containing the application files for admission to Stanford’s Department of Economics Ph.D. program for 2022-23 was available through the department’s website due to a misconfiguration of the folder’s settings.
After investigating the matter, geeks discovered that the unauthorized access to the applications started on December 5, 2022. We also found out that there were two instances where the application materials were downloaded between December 5, 2022, and January 24, 2023.
The data compromised in this breach includes application and supporting documents such as names, dates of birth, home and mailing addresses, phone numbers, email addresses, race and ethnicity, citizenship status, and gender.
The University, in a separate statement on its website, clarified that the incident was limited to the Ph.D. program in Economics and did not affect any other programs at Stanford, including undergraduate applications.
During the Ph.D. application process, certain materials submitted by applicants contained health information. However, Social Security Numbers and financial data were not exposed as these types of information were not present in the application files.
As soon as Stanford became aware of the accidental exposure, access to the files was immediately blocked. The University has not found any evidence of misuse of the downloaded information.
Stanford said, “Privacy, confidentiality, and security of personal data are our top priorities. In response to this incident, we are updating and revising our processes and policies relating to electronic file storage security. Additionally, faculty and staff will be retrained in these policies.”
This comes after a data breach occurred on April 2021. It was caused by the Clop ransomware team leaking documents from Stanford School of Medicine’s Accellion FTA platform.
The data published online by the Clop cybercrime group after the 2021 attacks included names, addresses, emails, social security numbers, and financial information.
Related Stories: