PRIVACY

Princeton Review Flunks Data Privacy Test

Print Version
E-Mail Article
Reprints


AP
08/21/08 9:20 AM PT

Personal data on tens of thousands of Florida students was published on the Web after the students used the Princeton Review to train for a state-run standardized test. The information was unsecured for about a month and a half and included names, ethnicities, genders and state IDs, which in Florida are very similar to Social Security numbers. Students' test results were also exposed.


Entering European Markets: A Challenging but Real Opportunity
Although the U.S. has a large Internet population, 79 percent of all Web users are now outside the U.S. Online retailers have viable options for entering into international expansion mode, particularly with respect to European markets. [Download PDF: 6 pgs | 686k]

Tens of thousands of students in a southwest Florida school district who used an online Princeton Review program to study for the state's annual assessment test inadvertently had their names, birth dates and test scores published on the Web.

Superintendent Lori White of the Sarasota school district said approximately 34,000 students in the second through 10th grades were impacted by the breach, which apparently occurred as the test preparation company moved its Web hosting Linux MPS Pro Focus on Your Business — Not Your IT Infrastructure. to a new provider.

From late June until this Monday, information including how students had answered the test preparation questions, their ethnicity, gender, and state ID -- which in Florida is almost exactly the same as their Social Security number -- was online, White said.

Found by Competitor

In a statement, the company said the site does not appear to have been widely available.

"We've conveyed our disappointment," White said. "There's a certain trust you have with a company in terms of needing to send confidential information so it can be used in generated reports. But it's with the obligation that that information is kept secure."

The New York Times first reported the mishap on Tuesday.

The paper reported it was made aware of the Web address by another test preparatory company that stumbled upon it while doing competitive research. The Times informed the Princeton Review, which then closed that section of its site.

Promises to Do Better Next Time

In addition to Sarasota, Fairfax County, Va., also had student information posted online.

Paul Regnier, the district's coordinator of community relations, said it has asked Princeton Review to give them back the information in order to inform the appropriate families.

In a statement, Princeton Review said they launched an investigation as soon as they were made aware of the problem and will be retaining a forensic accounting and security Take the FREE Motorola AirDefense WLAN Security Assessment. Click here. team to "review the incident and evaluate our security and policy procedures."

Though the data does not appear to have been widely available, the company said: "Nonetheless, we have apologized to our customers for this situation, and assured them that access to the information has been closed, and that we are working diligently to put in place any needed remedies to make certain this problem does not recur."

© 2008 AFX News Limited. All rights reserved.
© 2008 ECT News Network. All rights reserved.

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints   RSS

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]