Data leak exposes financial aid, SSN, GPA, admissions, student and graduate visa information – The Hoya

Georgetown University made undergraduate and graduate financial aid, social security numbers, GPAs, admissions details and visa information available through the GU Experience internal information platform.

Georgetown users who logged into the GU Experience between 11:30 p.m. on October 16 and 2:00 a.m. on October 17 could use the sidebar to access an administrative version of the website. This site contained a page marked “Insights”, which contained a folder called “Data-warehouse”. Within the data warehouse folder were several nested folders that contained various spreadsheets with personal information.

A spokesman for Georgetown University did not immediately return several requests for comment from The Hoya. As of 9:36 a.m. on October 17, the information was no longer viewable from the GU Experience.

It did not appear that people could access the data without a Georgetown login, but the platform allowed users to download and save this information to their personal devices.

Information La Hoya displayed in a spreadsheet included personal information about students’ full names, tax identification numbers, dates of birth, gender, ethnicity, marital status, disability status, immigration status and visa and religion.

Other sheets contained student financial aid information dating back to the 1990s, including comments university staff made on student financial aid reports related to financial aid amounts and historical details familiar and familiar. The data included specific details of students’ financial aid, such as how much aid they had received from the university compared to federal grants or other grants and how much of an unsubsidized loan a student had taken out student for a semester.

Another spreadsheet included student GPA information dating back to the 1990s, while another included detailed information on all Georgetown students enrolled in the spring 2024 GPA for the law, medical, graduate, and university degree.

One file also included a list of all applicants to Georgetown’s undergraduate and graduate schools and their admission and enrollment status. Another file included the payroll of all university employees, although users could not directly access this data set.

Other files included students’ GRE and MCAT test scores, as well as their accompanying score percentiles.

GU Experience uses software from the company Ellucian, which provides information technology to more than 2,900 institutions of higher education.

A spokesman for Elucian did not immediately respond to a request for comment.

University’s internal data classification system describe personally identifiable information, social security numbers, and student records as high-security data and directs university employees to take care of these records using secure printing platforms and services. University employees may not store this data on their work or personal computers; must remain in the university’s authorized storage system and be destroyed or purged after no longer in use.

“Loss of its confidentiality, integrity or availability would cause significant harm to Georgetown’s mission, security, finances or reputation,” the university’s information security office writes on its site.

under the Family Educational Rights and Privacy Act of 1974 (FERPA), Georgetown maybe not liberation any information about current or former students without the student’s written consent, other than directory information, including names, addresses, contact information for students and their families, and information about their time at Georgetown. Students have the right to deny the university the ability to release this directory information.

This is a developing story. More information will be added as it becomes available.