Kellogg | Mr. Chief Product Officer
GMAT 740, GPA 77.53% (First Class with Distinction, Dean's List Candidate)
Chicago Booth | Mr. Needy Spartan
GMAT 740, GPA 3.6
INSEAD | Ms. Low GPA, Big Ambitions
GRE 2.64, GPA 2.64
Stanford GSB | Mr. Energy Focus
GMAT 760, GPA 3.7
MIT Sloan | Mr. Low GPA Over Achiever
GMAT 700, GPA 2.5
Georgetown McDonough | Mr. Aspiring Consultant
GMAT 690, GPA 3.68
NYU Stern | Ms. Art World
GRE 322, GPA 3.3
NYU Stern | Mr. Hail Mary 740
GMAT 740, GPA 2.94
Stanford GSB | Mr. Big Tech Engineer
GRE 332, GPA 3.95
IU Kelley | Ms. Biracial Single Mommy
, GPA 2.5/3.67 Grad
Berkeley Haas | Ms. 10 Years Experience
GMAT To be taken, GPA 3.1
Yale | Mr. Army Infantry Officer
GMAT 730, GPA 2.83
Yale | Ms. Social Impact AKS
GRE 315, GPA 7.56
Berkeley Haas | Mr. Hanging By A Thread
GMAT 710, GPA 3.8
Kellogg | Mr. Bird Watcher
GRE 333, GPA 2.9
Harvard | Mr. Relationship Manager
GMAT 750, GPA 3.8
Harvard | Mr. Political Consultant
GRE 337, GPA 3.85
MIT Sloan | Mr. Refinery Engineer
GMAT 700- will retake, GPA 3.87
Said Business School | Mr. Across The Pond
GMAT 680, GPA 2.8
Stanford GSB | Mr. Singing Banking Lawyer
GMAT 720, GPA 110-point scale. Got 110/110 with honors
Stanford GSB | Mr. Corp Finance
GMAT 740, GPA 3.75
Kellogg | Mr. Marketing Maven
GRE 325, GPA 7.6/10
Stanford GSB | Mr. Vroom Vroom
GMAT 760, GPA 2.88
N U Singapore | Ms. Biomanager
GMAT 520, GPA 2.8
Stanford GSB | Mr. Health Nerd
GMAT 740, GPA 3.5
Wharton | Mr. Army & Consulting
GMAT 760, GPA 4.0
Berkeley Haas | Mr. 360 Consultant
GMAT 720, GPA 3.4

Data Exposure At Stanford GSB Wider Than Reported

The iconic Hoover Tower at Stanford University

Stanford University today (Dec. 1) disclosed that a previously revealed breach of confidential information on a computer server at its Graduate School of Business is much wider than earlier reported. Campus privacy investigators found that a shared platform at the GSB potentially exposed the personal information of nearly 10,000 non-teaching staff at the university.

Stanford said an investigation of what it is calling an “exposure” on a GSB server contained the names, birthdates, Social Security numbers and salary information for nearly 10,000 non-teaching university employees – a snapshot taken in August 2008. The file apparently was made accessible to human resources staff at the business school for annual salary setting. The file was exposed to the GSB community for six months before it was locked and secured last March 3.

This latest admission comes after Poets&Quants revealed that a computer breach at the business school had allowed at least one MBA student to gain access to confidential financial aid information for MBA students (see Stanford GSB Misled Applicants On Financial Aid). The breach exposed 14 terabytes of highly confidential student data detailing the most recent 5,120 financial aid applications from 2,288 students, spanning a seven-year period from 2008-2009 to 2015-2016.


The university said these files were accidentally made available on a shared server starting in June of 2016. Other files on the same server were accessible starting in September 2016. All files were secured by early March, according to the university.

The university also disclosed today that the business school’s IT (Information Technology) team became aware of the breach of MBA financial aid information in February of 2017 but failed to report the problem to Stanford GSB Dean Jon Levin.

“At that time, the GSB IT team recognized there was a permission problem and promptly secured all of the files on the drive,” according to university spokesperson Lisa Lapin in a statement. “But they failed to understand the scope of the exposure and did not report it to the GSB dean or relevant university offices for further investigation.”


The university statement did not acknowledge that its IT team only learned about the breach because the student who found the data, a first-year MBA student named Adam Allcock, had reported the problem on Feb. 23 to Jack Edwards, director of financial aid at the business school. Otherwise, the school may not have known about the exposure.

It apparently took another eight months before Dean Levin became aware of the breach. That was when Allcock says he sent him an in-depth report on the school’s financial aid practices which found that the school’s claims of granting scholarship support only on a needs-based formula was untrue.

Allcock found that Stanford had routinely granted fellowship money to students without regard to their financial needs, often favoring admits who were female and those from the financial sector, even though many had more savings than students who received no scholarship help or less financial support. His analysis also found what he termed “systemic biases against international students…This is inconsistent with a need-based financial aid system,” he wrote in the report.


It wasn’t until Nov. 17 that Levin publicly conceded that the school had failed to come clean on how it distributes financial awards to students and acknowledged the breach of confidential student data. In a statement to the GSB community issued at 6:39 p.m. on a Friday, Nov. 17, GSB Dean Jon Levin said the data has been “improperly stored in a shared folder that was accessible to all GSB faculty, staff and students. The records were anonymized and did not include names; however, they included income and asset information, and information on prior employment.”

Though the school has long insisted that it does not grant fellowship awards on the basis of merit, Dean Levin wrote that the school “has offered additional fellowship awards to candidates whose biographies make them particularly compelling and competitive in trying to attract a diverse class.”

He promised that the school would be “significantly more transparent about the principles and objectives being applied in making financial aid awards, and about how different awards are made. We are committed to working on this for the current admissions cycle.”


Today’s statement by the university also noted that yet another file-sharing platform, widely used throughout the university, exposed a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago.

Stanford said its Information Security and University Privacy offices have been investigating the data breakdown and are continuing to review file-sharing platforms campus-wide to assure appropriate access permissions are in place.

“The university does not have any direct evidence that personally identifiable information was accessed from the GSB file,” adds Lapin, a university spokesperson, in the statement. “But as a precaution, beginning today, notification letters are being sent to all impacted employees and students who may have had personally identifiable information exposed.

“We extend the deepest apology to the employees and former Stanford students who expected that their personal information would be treated with the greatest care by campus offices,” said Randy Livingston, vice president for business affairs, in a statement. “This is absolutely unacceptable. Our community expects that we will keep their personal information confidential and secure, and we have failed to do so. The proliferation of file-sharing platforms requires that everyone be vigilant in assuring that confidential information remains secure, old files are deleted and permissions are regularly reviewed.”


About The Author

John A. Byrne is the founder and editor-in-chief of C-Change Media, publishers of Poets&Quants and four other higher education websites. He has authored or co-authored more than ten books, including two New York Times bestsellers. John is the former executive editor of Businessweek, editor-in-chief of Businessweek. com, editor-in-chief of Fast Company, and the creator of the first regularly published rankings of business schools. As the co-founder of CentreCourt MBA Festivals, he hopes to meet you at the next MBA event in-person or online.