Data Breach Alert: Princeton Review accidently publishes personal data and test scores of thousands of Florida students

Posted by Caitlin on August 19th, 2008

When switching servers in June, the Princeton Review accidentally published names, standardized test scores, birthdays, ethnicities and other personal information for about 34,000 public school students in Sarasota, Florida. For seven weeks, this data and many other sensitive documents were available to anyone typing in a fairly simple web address, as well as through search engines.

Other exposed data included the names and birth dates for 74,000 Fairfax County, Virginia students, as well as the Princeton Review's study guides for the SATs, LSATs and PSATs, the entire texts of some Princeton Review books, course schedules, and an internal analysis of the effectiveness of the company's instructors.

A competitor discovered the exposed files while conducting research and provided The New York Times with the web address needed to access the files. The Times notified the Princeton Review on Monday and the compromised portion of the site was immediately shut down. The Princeton Review stated that the compromised files should have been password protected, but was unintentionally exposed when the website was moved to a new Internet provider. According to The New York Times, this error indicates that the Princeton Review neglected several accepted online security practices.

When corporations compromise your sensitive personal information, the only real protection against the risk of identity theft is an identity theft protection service. For more information about identity theft protection services, see our reviews and comparison.