Transcript Site Reports Vulnerability

Info on Those Seeking School Records May Have Been Exposed
Transcript Site Reports Vulnerability

A security vulnerability at the high school transcript request website may have exposed the personal information of about 100,000 people.

See Also: Why Active Directory (AD) Protection Matters

In a brief statement on its website, the company says that it became aware of a specific vulnerability in the security of some of its files. "We fixed that vulnerability within hours, ordered a security scan by our host provider to confirm that no malware was installed, and hired an experienced cybersecurity firm to investigate and assist with security," the statement says.

NeedMyTranscript, based in Charlotte, N.C., facilitates high school record requests in all 50 states, covering more than 18,000 high schools, according to its website.

The incident came to light in a report by the Washington Post. According to the report, after signing into the site, a user encountered an error message containing a link to a publicly available subdirectory on the website, which contained links to the data of almost 100,000 individuals.

An analysis by the Post suggests that the incident may date back to the site's creation in February 2012. Data included in the subdirectory that may have been exposed includes names, addresses, e-mail addresses, phone numbers, dates of birth, mothers' maiden names and the last four digits of the users' Social Security numbers, the Post says.

NeedMyTranscript says in its statement that no malware was found on its systems, and that it does not believe any customer information was inappropriately accessed, although the investigation is ongoing.

The company says it does not store customer high school transcripts, credit card numbers or full Social Security numbers on its website. "Although we don't believe that you are at risk of harm as a result of this vulnerability, we still recommend that all of our customers use good judgment in not responding to e-mails or other inquiries by those posing as a financial institution or other entities seeking your personal information," NeedMyTranscript says.

The company declined to comment beyond its statement.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.