Personal information of 1 million potential college applicants 'exposed inadvertently'

Sensitive personal information belonging to more than 1 million individuals seeking information about higher education institutions was exposed online earlier this year, EdScoop has learned.

The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers — was left publicly accessible for at least several weeks in January and February, according to Chris Vickery, director of cyber risk research at the cybersecurity firm UpGuard…

In total, records associated with 1,097,000 people — dating back to 2005 — were left open on the internet

The exposure happened through a common tool called rsync that is used to remotely back up data, allowing users to copy it from one machine to another, Vickery said. Gragg said TDM’s five-person IT team made a change at some point in January that likely created the vulnerability. Researchers at UpGuard could not determine how long the data was exposed prior to their discovery.

https://edscoop.com/data-exposure-1-million-college-applicants-upguard