SmarterSelect Data Breach Overview:
- Who: SmarterSelect exposed the personal data of thousands of scholarship applicants.
- Why: The company allegedly placed the data on a public Google Cloud storage bucket.
- Where: SmarterSelect is headquartered in Dallas, TX.
SmarterSelect, a company that provides management software for scholarship applications, exposed the personal data of over a million student applicants, according to an article by TechCrunch.
The data breach included documents such as names, email addresses, phone numbers, Social Security numbers, academic transcripts, resumes and invoices for approximately 1.2 million scholarship applications from November 2020 to September 21, 2021.
Cybersecurity Company UpGuard discovered the breach through a public Google Cloud storage bucket that contained 23,000 spreadsheets and 8,000 ZIP files, TechCrunch reported. The information also included student photos, parents’ education and income, letters of recommendation and personal essays containing personal information such as extreme poverty or abuse.
UpGuard notified SmarterSelect about the breach on Sept. 15 and Sept. 27, according to TechCrunch. The company acknowledged the warning on Sept. 30 but didn’t remove public access to the information until Oct. 5. It’s not known whether anyone accessed the data.
“The contents of the bucket also serve as a reminder of the risks of collecting and retaining sensitive data, particularly for populations like college students,” UpGuard told TechCrunch. “The process of applying to, attending, and securing funding for university education requires young people to provide detailed information about themselves to a complex institutional supply chain.
“Even well-intentioned programs aiming to assist students who have been disadvantaged by circumstances beyond their control — in fact, especially those programs that seek to help those most in need — require a detailed accounting of the facts of one’s life.”
It is not known whether SmarterSelect has notified those affected by the breach.
This isn’t the first data breach this year. GoDaddy announced in November that its Managed WordPress service fell victim to a data breach, exposing the private information of up to 1.2 million of its users.
Additionally, a California federal judge has preliminarily approved Kroger’s $5 million settlement with consumers over a breach of its software vendor Accellion’s systems that exposed the personal information of over 3.82 million Kroger customers. And J.B. Hunt Transport’s alleged negligence and carelessness with job applicants’ personal data resulted in a data breach that could see more than 230,000 people’s social security numbers accessed by hackers.
Have you been the victim of a data breach? Let us know in the comments
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- GoDaddy Data Breach Exposed Private Information of up to 1.2M Users
- Do You Qualify: Blackbaud Ransomware Data Breach Class Action Lawsuit Investigation
- Manatee County, Florida School District Employee Data Breach Settlement
- NCAA Discrimination Class Action Lawsuit Filed by Black Student Athletes Will Continue, Judge Rules
