Why GSB Dean Fired His Chief Digital Officer

Once a high-flying tech wunderkind, Stanford GSB Chief Digital Officer Ranga Jayaraman now finds himself out of a job

When Ranga Jayaraman first stepped onto the campus of Stanford University in 1978, he was a self-described geeky young man with little more than $140 in his pocket and a pair of suitcases. Jayaraman had just graduated with his mechnical engineering degree from the Indian Istitute of Technology in Madras, and his foray into Stanford for graduate work was the first time he had been in the U.S.

Within four years, the tech prodigy earned three Stanford degrees, including a PhD in mechnical engineering, that landed the wunderkind a job with IBM’s prestigious Thomas J. Watson Research Center. After high-level stints with IBM, Hitachi and NVIDIA Corp., Jayaraman got the chance to claim what was in all likelihood his dream job in early 2011: To be the CIO and associate dean of one of Stanford’s most acclaimed schools, its Graduate School of Business.

To return to the institution that had helped to transform his life was in many ways the ultimate reward. After four years in the job, he was given the title of chief digital officer. Last week, he was fired by his boss, Dean Jonathan Levin, two weeks after the school disclosed a data breach of the business school’s financial aid records by an MBA student.

‘STANFORD HAS BEEN WONDERFUL TO ME & THIS GOES WITH THE TERRITORY’

Stanford GSB Dean Jonathan Levin

Levin had known about the breach since October when Adam Allcock, now a second-year MBA student at Stanford, sent him a lengthy report analyzing the data the student accesed on the school’s computer servers. Much worse than the data breach—the result of information that was stored improperly in a shared folder in June 2016—was the discovery by Allcock that Stanford’s business school had misled thousands of applicants and donors about the way it distributes fellowship grants and financial assistance to its MBA students.

For years, the school claimed that it only awarded scholarship dollars on the basis of financial need. Allcock found that claim to be completely untrue. He discovered that Stanford had routinely funneled millions of dollars in tuition discounts to students without regard to their financial needs, often favoring admits who were female and those from the financial sector, even though many had more savings than students who received no scholarship help or less financial support.

Though Dean Levin became aware that a student had gained access to what was confidential information and Allcock’s subsequent analysis in October, he terminated Jayaraman last week after days of negative headlines in newspapers and websites all over the country. The tech veteran has no ill feelings about what happened. “Stanford has been wonderful to me and things just happen,” he says. “This goes with the territory. There are times when one has to be held accountable, and I am totally fine with it.”

LOSS OF A JOB FOR FAILING TO MOVE INFO UP THE CHAIN OF COMMAND

Jayaraman did not lose his job because a student found his way into a shared server that exposed confidential student data detailing the most recent 5,120 financial aid applications from 2,288 students, spanning a seven-year period from 2008-2009 to 2015-2016. He now finds himself unemployed because he failed to immediately notify the dean or the university of the breach when it was called to his attention in late February of this year.

With the benefit of hindsight, Jayaraman says, he should have informed his boss and the university of the issue after Allcock had alerted the school to the breach. But Jayaraman says he failed to recongize the scope and nature of the exposure when told about it from a member of his team and immediately went to work to lock down the system. At the time, he didn’t even know the student had accessed sensitive data on financial aid, and he certainly didn’t realize that the student would spend 1,500 hours analyzing the data to complile a 378-page report that would ultimately embarrass the school.

Jayaraman also did not know that the student was someone not unlike himself, a computer whiz kid who had come to Stanford with a mechanical engineering degree from the United Kingdom. At the age of 13, Allcock had built his first computer, only to set up a production line in his living room to churn out more of them to sell on Ebay. His sales for the home business was reportedly a cumulative $1.2 million. And while studying for his master’s degree in engineering, which he earned with first class honors, the then 20-year-old student was named the ‘Most Employable Young Person’ at an award ceremony sponsored by Google.

Surprisingly, perhaps, it was Allcock who let the school know about the problem in the first place–in a meeting on Feb. 23 with Jack Edwards, director of financial aid. Edwards quickly alerted Jayaraman’s team. The group was able to remove some permissions within an hour of that meeting. To secure all the files, however, they had to meticulously navigate the structure of the shared network drives, scan through the directories and validate actual permissions versus intended permissions and correct them. That took until early March.

‘THIS IS THE KIND OF STUFF THAT HAPPENS DAY IN AND DAY OUT IN IT’

“At the time this happened in February, we did all of the go-fix-the-problem steps,” recalls Jayaraman. “We made an assessment in terms of what had happened and what actions needed to be taken to fix it and prevent this from happening again. What I failed to do was ask one question: ‘What could have been the nature of the content that was in these files and folders and is there super sensitive content that would trigger additional actions like disclosure.”

After all, data breaches in IT departments are as common as dandelions in an open field. Moreover, this exposure did not result in the disclosure of emails that changed the outcome of a Presidential election or credit card leaks that led to significant fraud. In fact, the exposed files were not available to anyone outside the Graduate School of Business and the names of actual students who were given scholarship money and financial aid were not accessible.

“This is the kind of stuff that happens day in and day out in IT,” acknowledges Jayaraman. “You are always making a judgment call, beyond the immediate action of containment. In this case, when I looked at all the available information and no one was raising alarms about super sensitve information, I decided to let it go. I did not have indicators that triggered the hair on the back of my neck to stand up. In retrospect, would I do the same thing today? I would say my instinct now would be an abundance of caution. I would scan the content to see if if there is sensitivity in the data. But we don’t scan content in people’s folders as a matter of course. Our job is to provide the capablity for people to store things.”

Chronology of What Happened at Stanford

 

DateEvent
June, 2016Some MBA student financial aid records are stored improperly in a shared folder
September, 2016Jonathan Levin, a superstar professor in Stanford’s economics department, becomes dean of the Gradaute School of Business, succeeding Garth Saloner who had resigned
September, 2016More financial aid records for MBA students became accessible on the same server, now totaling 5,120 financial aid applications from 2,288 students
January, 2017First-year MBA student Adam Allcock accidentally gained access to the financial aid records on a shared network server open to the entire GSB community
February, 2017Allcock informs financial aid director Jack Edwards of the data breach
February, 2017Chief Digital Officer Ranga Jayaraman’s team begins to lock down the system, securing all files by early March
October, 2017Allcock sends to GSB Dean Jonathan Levin  a 378-page analysis of GSB’s financial aid policies, finding that the school had misled thousands of applicants and students for years
Nov. 17, 2017Dean Levin publicly informs GSB community of breach and concedes the school misled applicants that all its fellowship awards had been granted on the basis of financial need when that was untrue
Nov. 30, 2017Dean Levin apologizes for the data breach and says he was not informed of the problem until eight months after Allcock told Edwards in financial aid
Dec. 1, 2017In a contrite email to colleagues, Chief Digital Officer Jayaraman says he is leaving his job
  • Sunny

    What a joke! If the CDO had informed the Dean in Feb, the outcome would have changed? Fired the guy in Feb instead of Dec???? They need a head to roll and it is convenient to fire him, that’s all! The fact of the matter is that they have been dishonest in their disclosure regarding Aid – possibly done by every major business school. What are they doing to address that?

  • Chantal

    Using the dishonest policy that GSB awards only need based $ can fob off all applicants regardless of their actual need. Finance types need to pay for spring breaks in Cabo, skiing in Vail and wine tasting in Nappa.

  • You have no idea what you are talking about. Here are three statements taken from Stanford’s website (and since removed in the aftermath of the controversy).

    “All fellowships are based on financial need.”

    “The Stanford GSB Financial Aid Office does not offer merit-based fellowships.”

    “Please be aware that we do not negotiate fellowship amounts or eligibility. Your academic or professional performance/merit is not used in financial aid decisions.”

  • Grouponcollector

    Fake News?
    Good job and keep the faith. You need thick skin to brave the haters.

  • Lord Stark

    lol it would be truly epic if you are the “real” Adam Allcock.

  • joanne@missionctrl.com

    “For years, the school claimed that it only awarded scholarship dollars on the basis of financial need…”

    False. Admissions itself is needs-blind. The aid policy is consistent with that of other top tier private universities.

  • Urvi

    GSB should have fired the Chief Financial Aid Officer. I am will Allcock that this needs to brought to people’s attention.

  • Of course, that was a cumulative sales number–not a profit number–and it was a long time ago when Allcock was a teenager, according to an article about him when he won this prize sponsored by Google.

  • Adam Allcock

    > The guy with a $1+ million business

    That’s news to me! Unfortunately, you can’t believe everything you read online.

  • quin

    He is a vigilante exposing the school to be full of it. freedom fighter.

  • Anon

    What if Allcock hadn’t turned up any GSB improprieties? Do you think he would have announced that he had not just glanced at a few financial files, but had downloaded masses of sensitive student financial information and spent months poring over them, for whatever reason he initially had in doing it? I wonder at what point when he was looking at these files did it occur to him that he shouldn’t be looking at them at all and that he should immediately alert GSB that the files might have been made available to the GSB community by mistake? Devoid of integrity, this guy is sure living up to his last name.

  • Anon

    So let’s be real about why Adam did this. The guy with a $1+ million business was seriously upset that he was passed over for scholarship money? Let’s be real. He was hoping to expose underrepresented groups getting more money than he is, and is even more hurt to discover that people that look just like him (albeit more female, but in financial services / rich) are getting money while he is not. Those familiar with Stanford can look around and summarize the demographic of individuals coming from financial services. Spoiler: it’s not heavily “female.”

  • Anon

    HBS definitely does the exact same thing. I was a dual-admit a few years ago between them and GSB. GSB gave me a bunch of money, HBS did not. I brought my GSB letter to HBS. A few days later I get a call from their dean of financial aid, and magically HBS had calculated their formula wrong and gave me $5k more than Stanford. All of the schools do this — nothing wrong with it if they were just transparent about it. There is a war for talent. I ended up choosing HBS, but my understanding is they have been losing to Stanford for awhile on dial-admits so I’m guessing they’re probably even more aggressive for someone they really want (I know some of my classmates had a similar experience).

  • Anon

    That’s a really good point. Now that I think about it, it is likely true. I would not trust their magic.

  • tim

    haha what a joke. just a scapegoat.

    you know HBS has to be afraid since they likely do the exact same thing. wake up people.