August was a huge month for large data breaches. Take, for instance, The Princeton Review. They are a test-prep firm that unknowingly posted tens of thousands of test scores on their web site for about seven weeks. The breach was discovered by another test-prep company that just happened to see that data online while doing research. The web site address that was providing the data was reported to the New York Times, which in turn, informed the Princeton Review. Access to that portion of the web site was then promptly removed. Personal information exposed included names and birth dates. This information was posted with the intention of protection by password, however, the password mechanism somehow failed when the company changed internet providers. An investigation is being run to attempt to find out how many people might have accessed those files.

In addition to student information, the site also provided materials related to the LSAT, PSAT AND SAT exams and more.

One internet security analyst noted that “In this case it would have made sense for the company to separate information such as the names of the students from their test scores and whatever confidential information the company had. But we are finding that companies today don’t change until they have experienced the pain of a data breach that is exposed to the public.”

Unfortunately, we find many of these company errors when doing research for our articles. Take advantage of the Lifelock offer, included on this website, to start protecting yourself.

This entry was posted on Sunday, September 14th, 2008 at 8:00 am and is filed under Data Breach. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.