Georgetown says current and former student data exposed after accidental ‘setting change’

WASHINGTON (7News) — Some Georgetown University students who logged into a school portal Wednesday and Thursday discovered they could see the personal data of their current or former classmates, the school told 7News Thursday.

It was not due to hacking, according to a school spokesperson. Instead, some students received administrative-level access to the GU Experience platform due to a settings change made after maintenance work was performed in the Banner Student Information System. GU, the official said.

During those roughly 24 hours, 29 current and former students viewed financial aid, Social Security numbers, GPAs and other personal admissions and academic information, according to Georgetown school officials and the student newspaper of school.

A university spokesperson said it had contacted the 29 people who accessed the data, asking them to delete anything they may have downloaded, as possessing it would risk legal consequences.

GU Experience is the school’s internal self-service platform, which allows students and staff to manage courses, view academics, manage financial aid, request transcripts, and view d other personal account information without having to visit administrative officials in person.

“We take data security and the privacy of our students very seriously,” Doug Litte, chief information officer of Georgetown University Information Services, said in a letter to the community Thursday. “We recognize that this is troubling news and regret that this has happened.”

A university spokesperson told students in the school newspaper that the leak did not reveal current details of alumni, only details of their time at the university.

Read the letter sent to Georgetown U. students below:

Dear Members of the Georgetown University Community,

We are writing to inform you that following a period of maintenance and outage of the Banner Student Information System, a subset of student users of the GU Experience platform were able to access certain student data. current and former students. This was not the result of an external attack or security compromise of our system, but rather an inadvertent setting change that allowed a subset of existing users with credentials GU to access data that would otherwise only be used by administrative staff. This access setting was resolved at 8:30 this morning.

This period of unauthorized access occurred between 8 a.m. on Wednesday, October 16 and 8:30 a.m. on Thursday, October 17, and the data included sensitive personal and academic information.

Our initial investigation determined that 29 current or recent Georgetown students may have accessed unauthorized data. We have contacted those who had unauthorized access and asked them to delete any data they may have obtained. Using, sharing, or storing this data may violate University policy and could result in legal consequences. We will provide more information to users whose data may have been exposed.

We take data security and the privacy of our students very seriously. We recognize that this is troubling news and regret that this has happened. We will continue to investigate this data exposure and implement protective measures to prevent this from happening in the future. We will provide additional information as it becomes available.