Georgetown says current former students’ data exposed after accidental “configuration change.”

WASHINGTON (7News) — Some Georgetown University students who logged into a school portal on Wednesday and Thursday discovered they could see the personal information of their current or former classmates, the school told 7News Thursday.

It wasn’t because of a hack, according to a school spokesperson. Instead, some students were given administrative-level access to the GU Experience platform due to a configuration change made after maintenance work was done on the GU Banner student information system, the official said.

In that roughly 24 hours, 29 current and former students viewed financial aid, social security numbers, GPAs and other personal admissions and academic information, according to Georgetown school officials and the school’s student newspaper.

A Georgetown spokesman said officials have contacted the 29 people who accessed the data, requesting that they delete any data they may have downloaded, which could cause legal ramifications.

GU Experience is the school’s internal self-service platform, allowing students and staff to manage classes, view academics, manage financial aid, request transcripts and review other personal account information without having to go to personally visit the administrative officials.

“We take data security and the privacy of our students very seriously,” Doug Litte, chief information officer of Georgetown University Information Services, said in a letter to the community Thursday. “We recognize that this is disturbing news and we regret that this has happened.”

A university spokesperson told students with the school newspaper that the leak did not expose current details of former students, only details of their time at the university.

Read the letter sent to Georgetown U. students below:

Dear members of the Georgetown University community,

We are writing to inform you that following a period of maintenance and disruption to Banner’s student information system, a subset of student users of the GU Experience platform were able to access certain student data from current and former students. This was not the result of an external attack or a security compromise of our system, but rather an inadvertent configuration change that allowed a subset of existing users with GU IDs to access data that otherwise they would only be used by administrative staff. This access configuration was resolved at 8:30 this morning.

This period of unauthorized access occurred between 8:00 a.m. on Wednesday, October 16 and 8:30 a.m. on Thursday, October 17, and the data included sensitive personal and academic information.

Our initial investigation determined that 29 current or recent Georgetown students may have accessed unauthorized data. We have contacted those who had unauthorized access and instructed them to delete any data they may have obtained. Using, sharing, or saving any of this data could violate University policy and have legal ramifications. We will follow up with more information for users whose data may have been exposed.

We take the data security and privacy of our students very seriously. We recognize that this is disturbing news and we are sorry that it has happened. We will continue to investigate this data exposure and implement security measures to prevent it from happening in the future. We will provide additional information as it becomes available.