Indiana University suffered a data security incident after a tool designed to help university staff to access student grade point averages was unintentionally made available to the entire IU community.
The tool was however immediately disabled once the ability to access all enrolled students’ GPAs was known.
The GPA calculator tool allowed students, faculty and staff to gain access to records for at least 100,000 current and former students who graduated in 2015 or later.
Source: https://www.databreaches.net/100k-iu-student-gpas-accidentally-made-available-to-all-students-staff/
TPRM report: https://scoringcyber.rankiteo.com/company/indiana-university
"id": "ind16422123",
"linkid": "indiana-university",
"type": "Data Leak",
"date": "02/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Education',
'location': 'Indiana, USA',
'name': 'Indiana University',
'type': 'Educational Institution'}],
'attack_vector': 'Unintentional Data Exposure',
'data_breach': {'number_of_records_exposed': 'At least 100,000',
'type_of_data_compromised': 'Student Grade Point Averages'},
'description': 'Indiana University suffered a data security incident after a '
'tool designed to help university staff to access student '
'grade point averages was unintentionally made available to '
'the entire IU community. The tool was immediately disabled '
'once the ability to access all enrolled students’ GPAs was '
'known. The GPA calculator tool allowed students, faculty and '
'staff to gain access to records for at least 100,000 current '
'and former students who graduated in 2015 or later.',
'impact': {'data_compromised': 'Student Grade Point Averages'},
'post_incident_analysis': {'root_causes': 'Improper Access Control'},
'response': {'containment_measures': 'The tool was immediately disabled'},
'title': 'Data Security Incident at Indiana University',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Access Control'}