"McGraw Hill Exposed Student Data and Grades, Online Privacy Firm Says"

According to a recent report by vpnMentor, the education publishing company McGraw Hill faced a data breach that may have revealed the email addresses and grades of hundreds of thousands of students. The Internet privacy organization stated that its research team discovered the data breach in mid-June and spent many months trying to contact McGraw Hill. According to the report, the researchers discovered troves of data presumably belonging to McGraw Hill that were accessible to anyone using a web browser. During routine testing, McGraw Hill discovered the publicly accessible data and said it was unaware of any adverse consequences. The data breach may have exposed the personal information of university students in North America, including those attending Johns Hopkins University, the University of California, Los Angeles, and the University of Michigan. The breach exposed more than 117 million files, breaching the privacy of students and employees, according to vpnMentor's assessment. Federal law prohibits institutions from releasing or posting a student's grades without that student's prior written consent. Therefore this data breach could result in government action. McGraw Hill's data leak appears to have been caused not by a cyberattack, but by the company keeping critical files in publicly accessible cloud storage buckets. The vpnMentor research team was unable to determine whether hackers discovered the public buckets before the files were erased. Hackers would have been able to commit common types of fraud against students as a result of the data vulnerability, which involves stealing their identities and leaking their private information online. This article continues to discuss the discovery and potential impact of the McGraw Hill data breach. 

Higher Ed Dive reports "McGraw Hill Exposed Student Data and Grades, Online Privacy Firm Says"