Stanford University’s Graduate School of Business has lost its chief digital officer after a data breach that, he acknowledged, should have been reported and not just quietly patched.
“I take full responsibility for the failure to recognize the scope and nature of the … data exposure and report it in a timely manner to the dean and the University Information Security and Privacy Office. I would like to express my most sincere apologies … to anyone whose personal information might potentially have been compromised,” Ranga Jayaraman said in a statement, according to the San Francisco Chronicle.
Jayaraman, who had also served as an associate dean of the business school, told the Chronicle that he never intended to deceive anyone by not informing higher-ups about the glitch.
“A decision like that is always a judgment call,” he told the Chronicle. After patching the problem in March, “I thought we’d done a detailed enough evaluation, and we didn’t hear there was super-sensitive information (disclosed), so I decided to let it go.”
The improperly accessible data included information about financial aid and scholarship grants and was discovered by an MBA student, Adam Allcock, who reportedly downloaded and analyzed the data. It revealed that despite Stanford’s assertion that it awarded tuition discounts only on the basis of financial need, other criteria were also used.
“For years,” the Chronicle reported, “the school actually handed out deep discounts to non-needy applicants it hoped to attract: those with backgrounds in finance, international students, and women.”
University officials have apologized for the was the private information was handled, and GBS Dean Jonathan said the school will be “significantly more transparent” about how tuition discounts are awarded.
The website Poetsandquants.com, which has covered the issue in depth, posted the following in its story Wednesday:
“Jayaraman did not lose his job because a student found his way into a shared server that exposed confidential student data detailing the most recent 5,120 financial aid applications from 2,288 students, spanning a seven-year period from 2008-2009 to 2015-2016. He now finds himself unemployed because he failed to immediately notify the dean or the university of the breach when it was called to his attention in late February of this year.”