Princeton Review criticised over data leakage

News by Dan Raywood

A security blunder has left American students' personal details exposed

A security blunder has left American students' personal details exposed.


Confidential information on thousands of American students was left exposed following a mistake by test preparatory firm The Princeton Review. According to a report in the New York Times, files on a publicly accessible website exposed the dates of birth and names of 74,000 students in Fairfax County, Virginia for seven weeks.


Another file revealed the dates of birth, test scores and ethnicity of a further 34,000 students in Sarasota, Florida after the county hired the Princeton Review to measure academic progress.


Stephen Richards, COO and CFO of The Princeton Review, says it has closed off access to the information, which is believed to have believed to have been exposed when the company changed internet providers in late June.


Graham Cluley, senior technology consultant at Sophos, said: “We should all be grateful that The Princeton Review has taken action over this data breach, but it should never have happened in the first place. The information should have been held securely, and identifying data such as names and full dates of birth should have been wiped from the files.


As an aside, one thing I find interesting about this case is how the data breach was discovered. It wasn't found as part of an internal security audit, or by a customer or probing journalist. Instead, the blunder was uncovered by a (not named) competing firm who were conducting competitive intelligence on The Princeton Review.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews