Data Security FAQs

Data Security FAQs

On January 24, 2023, Stanford learned that a folder containing the 2022-23 application files for admission to Stanford’s Department of Economics’ Ph.D. program was unrestricted on a  website belonging to the department. Once the incident was reported, the department immediately restricted access to the folder.

You can read the university’s statement about the incident at https://news.stanford.edu/report/2023/02/17/data-security/.

Below is a list of FAQs about the incident. The university is working with IDX, a third party that specializes in data security incidents, to provide support. IDX is open Monday through Friday from 6 am to 6 pm PST. If you have any questions or concerns, please contact IDX at their toll free number: 1-800-939-4170.

What happened?

  • On January 24, 2023, Stanford was notified that a folder containing the 2022-23 application files for admission to Stanford’s Department of Economics’ Ph.D. program was available through the department’s website as a result of a misconfiguration of the folder’s settings. Once this was reported, access to the folder was immediately restricted, and an investigation by the University’s Information Security Office and Privacy Office was launched.
  • The investigation revealed that the unrestricted access to the applications began on December 5, 2022, and that there were two downloads of the application materials before the folder was restricted.

Why is there a gap between when the incident was discovered and when I was notified?

  • The investigation into the matter took time in order to ensure we accurately understood the scope and impact of the incident. The process also required individual review of each application to identify the fields of information affected and coordinating the appropriate notifications to individuals.

How many individuals were affected by the data security incident?

  • 897 applicants to the Department of Economics Ph.D. program.

What information was unrestricted and for how long?

  • No financial data or Stanford evaluative comments were exposed. The information involved in the incident includes applications and accompanying materials.
  • The information was unrestricted from December 5, 2022, to January 24, 2023, when the folder was immediately restricted.

Can you explain how this happened?

  • Stanford’s investigation revealed that on December 5, 2022, the file was nested within another folder, which was inadvertently made unrestricted.

Are applications to any other parts of the university affected by this incident?

  • No. It was limited to Ph.D. applications to the Department of Economics.

What is Stanford doing to prevent this kind of incident from happening again?

  • The University Privacy Office is currently coordinating with the Economics department to review its procedures and policies and help prevent this type of incident from occurring in the future.
  • The Information Security Office is requiring all admissions officers to review and confirm the security of application files.
  • In addition, the university is reviewing its processes and policies across other departments for file storage security and for managing sensitive information as well as revisiting related training for faculty and staff.
  • Please know that we take the privacy and security of individuals’ information very seriously.