Princeton Review

From an article in the New York Times, it appears that the Princeton Review "published the personal data and standardized test scores of tens of thousands of Florida students on its Web site, where they were available for seven weeks."

According to the article, the breach -- likely caused by human error -- exposed some very sensitive data:

"One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fla., where the Princeton Review was hired to build an online tool to help the county measure students’ academic progress. The file included the students’ birthdays and ethnicities, whether they had learning disabilities, whether English was their second language, and their level of performance on the Florida Comprehensive Assessment Test, which is given to students in grades 3 to 11."

In another folder on the same server, several files containing the names and birthdays of 74,000 students from Fairfax County, VA, were exposed.

On a related note, a prominent test preparation company will soon be looking for an experienced web security expert. The qualified applicant should be able to meet or exceed the skillset laid out in this document.