Stanford University disclosed an information breach after recordsdata containing Economics Ph.D. program admission data have been downloaded from its web site between December 2022 and January 2023.
Last week, the college despatched knowledge breach notification letters to 897 people who submitted private and well being data as a part of the graduate software to its Department of Economics, informing them that their data was accessed with out authorization.
“On January 24, 2023, Stanford was notified {that a} folder containing the 2022-23 software recordsdata for admission to Stanford’s Department of Economics’ Ph.D. program was obtainable by the division’s web site due to a misconfiguration of the folder’s settings,” the college informed affected people.
“We promptly investigated this matter, which revealed that the unrestricted entry to the purposes started on December 5, 2022, and that there have been two downloads of the appliance supplies between December 5, 2022, and January 24, 2023.”
The data uncovered on account of this breach contains software and accompanying supplies, together with names, dates of delivery, dwelling and mailing addresses, telephone numbers, e-mail addresses, race and ethnicity, citizenship, and gender.
“The incident doesn’t contain packages at Stanford aside from the PhD program in Economics. It additionally doesn’t contain undergraduate purposes to the college,” the college mentioned in a separate assertion on its web site.
Financial and social safety data not uncovered
Some supplies submitted in the course of the Ph.D. software course of additionally included candidates’ well being data. Social Security Numbers and monetary knowledge weren’t uncovered in the course of the incident as a result of software recordsdata didn’t comprise such a knowledge.
Stanford instantly blocked entry to the recordsdata as soon as it came upon in regards to the unintended publicity. At the second, the college mentioned that it discovered no proof that the downloaded data has been misused.
“The confidentiality, privateness, and safety of private data are amongst our highest priorities, and we now have safety measures in place to guard such a data,” Stanford added.
“In response to this incident, we’re updating our processes and insurance policies associated to digital file storage safety and will likely be retraining school and workers on the insurance policies.”
This incident follows an April 2021 knowledge breach disclosed after the Clop ransomware group leaked paperwork stolen from Stanford School of Medicine’s Accellion File Transfer Appliance (FTA) platform.
Data revealed on-line by the Clop cybercrime gang after the 2021 assault included names, addresses, e-mail addresses, Social Security numbers, and monetary data.
A Stanford spokesperson was not instantly obtainable for remark when contacted by BleepingComputer earlier immediately.