
Vulnerability at Student Portal Exposes Sensitive Information

Stanford University has been hit by a second data breach in 15 months, exposing students' personal information via a student portal known as NolijWeb. The portal, which has reached end-of-life and is pending replacement, is a content management repository that stores admission-related documents. NolijWeb contains an insecure direct object reference (IDOR) vulnerability that allows a logged-in user to retrieve other students' records by changing the numeric ID in the URL. At least 91 students were affected in the incident, which exposed personally identifiable information such as social security number, ethnicity and home address, as well as academic results including standardised test scores and personal essays. Previously, in December 2017, Stanford University exposed the personal information of nearly 10,000 non-teaching staff after misconfiguring the permission settings on two file-sharing platforms used on campus.
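The control missing in an insecure direct object reference is a per-record authorization check on top of the login check. The following is an added example, not NolijWeb code: the record store, user names, document IDs and the `registrar` role are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str   # account the record belongs to
    body: str


# Constructed sample records; names and IDs are illustrative only.
STORE = {
    1001: Document(1001, "alice", "alice admission file"),
    1002: Document(1002, "bob", "bob admission file"),
}
STAFF = {"registrar"}  # hypothetical role allowed to read any record


class NotFound(Exception):
    """Raised for missing and unauthorized IDs alike."""


def fetch_vulnerable(session_user: str, doc_id: int) -> Document:
    # Authentication only: any logged-in user can read any ID (IDOR).
    if not session_user:
        raise PermissionError("login required")
    return STORE[doc_id]


def fetch_checked(session_user: str, doc_id: int, audit: list) -> Document:
    # Object-level authorization: the record must belong to the caller,
    # or the caller must hold a role that permits access.
    if not session_user:
        raise PermissionError("login required")
    doc = STORE.get(doc_id)
    allowed = doc is not None and (
        doc.owner == session_user or session_user in STAFF
    )
    if not allowed:
        # Same error for "missing" and "not yours" so responses do not
        # reveal which IDs exist; record the denial for detection.
        audit.append((session_user, doc_id, "denied"))
        raise NotFound(doc_id)
    return doc
```

Several denials for consecutive IDs from one account in the audit list are the signal to alert on.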

[1] Data Breach Allowed Students to View Other Students’ Admission Files, Sensitive Personal Data
