Changing numeric ID in URL allowed students to view other Stanford students’ admission files, sensitive personal data

Julia Ingram and Hannah Knowles report:

Before this week, Stanford students could view the Common Applications and high school transcripts of other students if they first requested to view their own admission documents under the Family Educational Rights and Privacy Act (FERPA).

Accessible documents contained sensitive personal information including, for some students, Social Security numbers. Other obtainable data included students’ ethnicity, legacy status, home address, citizenship status, criminal status, standardized test scores, personal essays and whether they applied for financial aid. Official standardized test score reports were also accessible.

Students’ documents were not searchable by name, but were instead made accessible by changing a numeric ID in a URL.

Read more on The Stanford Daily.
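The behavior reported above, where a logged-in student reaches another student's file by changing the numeric ID in the URL, is a missing object-level authorization check. The sketch below is an added example, not code from the report or from Stanford's system: it puts the flawed lookup beside a version that ties each record to the requesting session and logs denials for review. The record store, function names, user names and IDs are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Document:
    doc_id: int   # numeric ID as it would appear in the URL
    owner: str    # student the admission file belongs to
    title: str

# Constructed sample records; IDs, owners and titles are made up.
DOCUMENTS = {
    1001: Document(1001, "alice", "Common Application"),
    1002: Document(1002, "bob", "Common Application"),
    1003: Document(1003, "bob", "High school transcript"),
}

AUDIT_LOG = []  # (requester, doc_id, outcome) tuples kept for review

def get_document_vulnerable(session_user, doc_id):
    """Flawed pattern: being logged in is the only check, so any ID is served."""
    if session_user is None:
        raise PermissionError("login required")
    return DOCUMENTS.get(doc_id)

def get_document_checked(session_user, doc_id):
    """Object-level check: the record must belong to the session's user."""
    if session_user is None:
        raise PermissionError("login required")
    doc = DOCUMENTS.get(doc_id)
    # Return the same result for "missing" and "not yours" so that the
    # response does not reveal which IDs exist.
    if doc is None or doc.owner != session_user:
        AUDIT_LOG.append((session_user, doc_id, "denied"))
        return None
    AUDIT_LOG.append((session_user, doc_id, "ok"))
    return doc

def denied_counts(log):
    """Denied requests per user; repeated denials point to someone trying IDs."""
    counts = {}
    for user, _doc_id, outcome in log:
        if outcome == "denied":
            counts[user] = counts.get(user, 0) + 1
    return counts
```

The check uses the identity held in the server-side session, never an owner value supplied in the request. Replacing sequential IDs with random ones makes guessing harder but does not substitute for the ownership check.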

About the author: Dissent