An internal website run by the Office of the Dean of the College (ODOC) was unintentionally exposed on December 22 for less than an hour during a software maintenance period. This incident allowed a few unauthorized users to view faculty reports that included information on students receiving Academic Early Alerts and those who earned failing or A-plus grades.
On Monday, Dean of the College Michael Gordin and Vice President for Information Technology Daren Hubbard informed instructors and affected students about the incident via email. They emphasized that no sensitive personal data, like Social Security numbers or financial information, was compromised and that official grades remained secure.
When an undergraduate receives an A-plus or failing grade, instructors must submit reports justifying their grading decisions. Each report contains the student’s ID, course details, term, and instructor’s name. During the exposure, users could see these records and interact with buttons that suggested they could edit or delete reports. It’s unclear if a specific login was needed for access, as users appeared logged into an administrator account.
The site also included nominations for the Shapiro Prize, which recognizes outstanding academic achievement among first- and second-year students, as well as the Academic Early Alert system that helps faculty alert deans about students who are struggling academically. At the time of the breach, no nominations for the Shapiro Prize had been submitted.
This incident is particularly relevant as universities have faced increasing cyberattacks. In fact, a recent report revealed that nearly 60% of higher education institutions experienced security breaches in the past year. Notable institutions like the University of Pennsylvania and Columbia University have also been targeted recently. However, this exposure was due to a maintenance error rather than a malicious cyberattack.
Gordin and Hubbard expressed regret about the situation and assured continued monitoring. The University aims to enhance its security protocols to prevent such incidents in the future.
For more information on university cyber challenges, you can refer to this Inside Higher Ed article.
