We’ve heard all about Russian hackers stealing personal info and even clever high school students hacking to change grades. But a massive breach that leaked grades and personal information of 100,000 U.S. high school students was caused by something completely different – and sadly, completely preventable.
High schoolers applying for college are usually required to send along their high school grades through an independent 3rd party - I guess to eliminate the temptation to "adjust" their grades. Typically, the student allows their school to release grades to the 3rd party, that for about $10 sends them on to the college with some assurance that the grades are accurate and have not been tampered with.
NeedMyTranscript.com is one of these 3rd parties and handles transcript requests from every state in the U.S. A data breach just revealed sensitive information for up to 100,000 of its customers. And the "breach" meant that this information was freely searchable on Google. Anyone else remember an insurance company that did the same thing?
While NeedMyTranscript claims no credit card information was exposed, the information that personal information was leaked is complete enough to be used for identity theft. Plus, who would want their high school grades floating around on the Internet?
Oh, and this security flaw may have been present in NeedMyTranscript's system for the website's entire two years of operation.