IE 11 is not supported. For an optimal experience visit our site on another browser.

Student info published online in security breach

/ Source: The Associated Press

Tens of thousands of students in a southwest Florida school district who used an online Princeton Review program to study for the state's annual assessment test inadvertently had their names, birth dates and test scores published on the Web.

Superintendent Lori White of the Sarasota school district said approximately 34,000 students in the second through 10th grades were impacted by the breach, which apparently occurred as the test preparation company moved its Web hosting to a new provider.

From late June until this Monday, information including how students had answered the test preparation questions, their ethnicity, gender, and state ID — which in Florida is almost exactly the same as their Social Security number — was online, White said.

In a statement, the company said the site does not appear to have been widely available.

"We've conveyed our disappointment," White said. "There's a certain trust you have with a company in terms of needing to send confidential information so it can be used in generated reports. But it's with the obligation that that information is kept secure."

The New York Times first reported the mishap on Tuesday.

The paper reported it was made aware of the Web address by another test preparatory company that stumbled upon it while doing competitive research. The Times informed the Princeton Review, which then closed that section of its site on Monday.

In addition to Sarasota, Fairfax County, Va., also had student information posted online.

Paul Regnier, the district's coordinator of community relations, said it has asked Princeton Review to give them back the information in order to inform the appropriate families.

In a statement, Princeton Review said they launched an investigation as soon as they were made aware of the problem and will be retaining a forensic accounting and security team to "review the incident and evaluate our security and policy procedures."

Though the data does not appear to have been widely available, the company said: "Nonetheless, we have apologized to our customers for this situation, and assured them that access to the information has been closed, and that we are working diligently to put in place any needed remedies to make certain this problem does not recur."