article featured image


Stanford University discovered a breach that affected its data between December 2022 and January 2023. Threat actors exfiltrated files containing private information of Economics Ph.D. applicants. The incident affected 897 persons, and the University notified them about the breach.

Details About the Breach

Hackers got access to the documents containing the 2022-23 application files for Stanford’s Ph.D. program in economics due to a settings’ misconfiguration. Investigations revealed that the initial access happened on December 5, 2022. And the hackers downloaded the files twice before January 24, 2023, when Stanford University noticed the data breach.

On January 24, 2023, Stanford was notified that a folder containing the 2022-23 application files for admission to Stanford’s Department of Economics’ Ph.D. program was available through the department’s website because of a misconfiguration of the folder’s settings.


The Exposed Data

The cybercriminal managed to exfiltrate information from the applications and the supporting documents. It revealed details like:

  • Names
  • Dates of birth
  • Home and mailing addresses
  • Phone numbers
  • Email addresses
  • Race and ethnicity
  • Citizenship
  • Gender

Fortunately, hackers did not get Social Security Numbers or financial data, as these were not on the application. And the incident stopped at the Ph.D. program in Economics, not including other programs at Stanford University.

Cybercriminals no longer have access to the exposed files, and until now there is no sign of abuse using the stolen data.

The confidentiality, privacy, and security of personal information are among our highest priorities, and we have security measures in place to protect this type of information. In response to this incident, we are updating our processes and policies related to electronic file storage security and will be retraining faculty and staff on the policies.


In April 2021 another cybersecurity incident affected Stanford University. Clop ransomware stole and leaked data from Stanford School of Medicine in this case.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *