Error made student birth dates, test scores public for weeks The Princeton Review is the latest company hit with a data breach that is making headlines. The New York-based educational service and test preparation provider inadvertently exposed files on at least 100,000 students in Sarasota, Florida and Fairfax County, Virginia through its website. News of the breach was made public Tuesday morning by a report in the New York Times. Files were exposed after the company switched Internet service providers earlier this year. The sensitive information, which included personal data such as names, birth dates, ethnicities and learning disabilities, along with test performance, were easily accessed through a simple web search and were available for at least seven weeks, according to the report. None of the information was password protected and was intended only to be viewed by Princeton Review authors.Princeton Review officials told The NYT that access to the information was immediately shut down as soon as the company was informed about the problem. “This brings up two big questions,” said Graham Cluley, a senior technology consultant with IT security and control firm Sophos. “Are companies doing enough to protect their data and also do companies really need to be keeping all of this kind of data?”The flaw was discovered by a competing test preparation firm. The competitor contacted the NYT with the story, according to Cluley, who said the play-out points to the high stakes now involved with a data breach. “If companies haven’t heard this before, it’s a huge reminder that security is important not just for your customers, but for your reputation.”While the publishing of birth dates may not seem like a massive leak, Cluley said the information is a good stepping stone for someone attempting to steal an identity.This is the second time in a month a public breach has involved birth dates. A glitch in a test version of social networking site Facebook inadvertently exposed the birthdays of its 80 million members last month. The bug was discovered by Cluley who was checking out Facebook’s new design when he noticed that the birth dates of some of his privacy-obsessed acquaintances were popping up when they should have been hidden.“The fact that the people affected by this latest breach were children I think adds to the general background radiation about security, or lack thereof, of peoples’ data on the web,” said Cluley. Related content news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe