Education

Vulnerability at Student Portal Exposes Sensitive Information

12 - 19 February 2019

Stanford University is hit by a second data breach in 15 months, exposing student's personal information via a student portal known as NolijWeb. The portal, which has reached end-of-life and is pending replacement, is a content management repository that stores admission-related documents.
Cyber_News_Educations
Stanford University is hit by a second data breach in 15 months, exposing student's personal information via a student portal known as NolijWeb. The portal, which has reached end-of-life and is pending replacement, is a content management repository that stores admission-related documents. NolijWeb contains an insecure direct object references vulnerability that allows a login user to retrieve student records by changing the numeric ID in the URL. At least 91 students were affected in the incident, which exposes personally identifiable information such as social security number, ethnicity and home address as well as academic results including standardised test scores and personal essays. Previously in December 2017, Stanford University exposed the personal information of nearly 10,000 non-teaching staff after misconfiguring the permissions setting on two file-sharing platforms used in the campus. 

References:
[1] Data Breach Allowed Students to View Other Students’ Admission Files, Sensitive Personal Data
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence