Stanford hit by data breaches, confidential data believed to have been exposed

By the Daily Post staff

Stanford today is grappling with several data breaches, one that exposed employee data, another that revealed sex-assault reports and a third that showed the Graduate School of Business secretly gave tuition discounts to preferred students while claiming the reductions were only available to needy students.

“We extend the deepest apology to the employees and former Stanford students who expected that their personal information would be treated with the greatest care by campus offices,” said Randy Livingston, vice president for business affairs, whose department includes oversight of university information technology and the information security and privacy offices. “This is absolutely unacceptable.”

Stanford alerted employees and students about the breaches this morning.

Stanford said the Andrew File System, or AFS, a file-sharing program widely used throughout the university, exposed a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago.

A data breach involving financial aid information at the Graduate School of Business (GSB) was reported by the news site Poets and Quaints, which in 2015 exposed the love triangle scandal involving GSB Dean Garth Saloner, Professor Deborah Gruenfeld and her estranged hubby Professor James Phils.

The upshot of today’s Poets and Quaints story is that this newly exposed data shows GSB officials secretly gave discounts to preferred applicants while claiming that such scholarships were only for needy students.

Current GSB Dean Jon Levin also disclosed the breach in a Nov. 17 letter to faculty and employees. He said the school has hired a forensic-data firm to investigate the situation.

Levin said that he was alerted to the situation by a student who had analyzed the information and found that GSB’s claims about how it doles out scholarships weren’t accurate.

The data breach involved more than just GSB scholarships.

Confidential data covering about 10,000 current and former Stanford employees was left on a shared drive for six months, available to all students, faculty and staff. The data in the newly discovered breach included Social Security numbers and salaries for all non-faculty employees who worked at Stanford in August 2008.

The statement from Stanford attributed the various breaches to “misconfigured permissions” on AFS and Google Drive.

Stanford said one data breach was discovered by a student on the Stanford Daily staff. The Daily reported that information about sexual assault reports and some related student disciplinary reports could be viewed by any AFS user. The files didn’t include any names. The student newspaper reported its findings in a story that the university said “maintained confidentiality of the personally identifiable information.”