About 100 students were affected by the incident
Network security and ethical hacking specialists from the International Institute of Cyber Security report a vulnerability in one of Stanford University online systems that allows students to visualize their records gave one of the students the ability To see the grades of other students’ high school education.
The leaking
key, apparently, was to request in advance access to the university’s admission
documents under the Family Education Rights and Privacy Act (FERPA).
According to network
security specialists, a large variety of data was filtered due to
vulnerability. Among the compromised information can be found:
- Students’
Social Security numbers - Addresses
- Ethnic
origin - Criminal records
- Standardized test scores
- Scholarship applications
While the research was carried out, a student
was able to access information about 81 of his classmates, and other
investigators found information pertaining to another dozen students. The
compromised information was filtered through a URL; Stanford University states
that each of the 93 students affected during the incident will be notified
directly.
The compromised system, called NolijWeb, was
recently updated, commented the network security specialists. Student researchers
and the Stanford University Gazette complied with the protocols established by
the cybersecurity community to report vulnerability and data breach.
Since the incident was detected, the IT team at
Stanford University disabled the NilikWeb system, which allowed access to the
records of other students. In addition, the educational institution suspended
online access to FERPA’s documents, at least until the investigation of the
incident ends.
