One Million People's Education Data Leaked Online | News – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

How the Data of One Million People Was Exposed

A massive data leak within a marketing network targeting internet users interested in higher education left the personal information of over one million individuals unprotected. The backstory and how it affects you...

A graduation cap resting on top of a broken padlock icon, symbolizing the breach of educational data security.

What Happened

Do you remember those forms you filled out online while dreaming of a university degree, searching for a better future? Well, some of that information, along with that of a full one million other people, was just sitting out in the open on the internet, completely unprotected. A report from the cybersecurity firm UpGuard has revealed that a marketing and data brokerage network focused on higher education left this massive dataset exposed due to a simple yet devastating mistake. This wasn't a hack, more like a door left wide open. Malicious actors didn't even need to break in; all the information was just there for the taking.

This vulnerability, discovered by UpGuard researchers on May 20, 2026, originated from a server belonging to a company called TDM. This server hosted data from websites like "Learning Curve" and "Degree Authority," which collect information from prospective students. A total of 147 gigabytes of data was accessible to anyone on the internet without any password or protection. Although it's reported that the server was secured on May 22, following a notification to TDM on May 21, it remains unclear how long the data was exposed and who might have accessed it during that time. This serves as a stark reminder of one of the most fundamental lessons of the digital age: our data is only as secure as the weakest link. In this case, the weak link was a simple server configuration.

The Data Exposed

The list of leaked data is the stuff of a scammer's dreams. This isn't just about names and email addresses; it's so much more. Almost everything needed to build a complete digital identity profile was present in this leak. Let's take a look at the list:

Has your email been leaked? Check for free — results in seconds.

Check Now →
  • Core Identity Information: Full name, home address, phone number, and email address. This quartet alone is sufficient for many fraud scenarios. They can target you at your home, on your phone, or in your inbox.
  • Demographic Details: Date of birth, gender, and even ethnicity. This information can be used in identity theft or in creating more personalized and convincing fraudulent attempts.
  • Educational History and Goals: High school graduation year, current education level, desired university programs, military affiliation, and the type of degree sought. This is where things get serious. Scammers no longer have to send you a generic email. They can craft highly specific phishing attacks like, "Hello [Your Name], we have an update on your application to [University You're Interested In]," which are extremely likely to trick you.
  • Technical Data: The name of the website where you registered and your IP address. This reveals which platform you shared your information through and your geographical location.
  • Financial Clues: Some records also included information about requests for financial aid. This makes the individual a more attractive target by providing insight into their financial situation. They can be lured with fake promises like "special scholarship opportunities" or "your student loan approval."

The combination of this data creates a risk far greater than the sum of its parts. It reveals not just who a person is, but what they want, what they need, and their dreams for the future. And for cybercriminals, dreams are just vulnerabilities to be exploited. With this data, it becomes child's play to apply for credit in someone's name, take over their social media accounts, or launch complex social engineering attacks targeting them and their family.

How the Attack Happened

There was no complex cyberattack, no state-sponsored hacking group, no months-long operation behind this massive data exposure. The reality is much simpler, and perhaps more alarming for that reason. The source of the problem was a misconfigured server running a protocol called 'rsync'.

So, what is rsync? Without getting lost in technical jargon: rsync is essentially a tool used to synchronize files between two computers. It's very useful for backing up data from one server to another or for copying it. But it has one rule: it needs to be secure. It's usually run behind password protection or firewall rules that only allow access from specific IP addresses. On TDM's server, however, none of these measures were in place. The server was configured as if to say, "it's all public, help yourself." Anyone connected to the internet who knew which port to scan could have copied this 147 GB treasure trove of data to their own computer without facing any obstacle.

This situation is one of the most concrete examples of "misconfiguration" errors, which are frequently seen in cybersecurity. As companies focus on the conveniences of cloud computing and rapid data transfer, they can skip the most basic security steps. A setting forgotten by a technician, an unchecked box on a security checklist, can have consequences that affect the lives of millions. This incident is a painful proof of how even the most advanced firewalls and antivirus software can be rendered useless by simple human error or negligence.

Who Was Affected

The one million people affected by this leak are not a random group. They are people who want to start a new chapter in their lives, aiming for a better career through better education. They are recent high school graduates trying to decide which university to attend. Adults bored with their current jobs, looking to gain new skills for a career change. Veterans returning from service, exploring educational opportunities to adapt to civilian life. In short, a hopeful and information-hungry crowd.

These people trusted sites with names like "Learning Curve" and "Degree Authority," which promised to help them find the best schools and programs. They shared their personal information, their dreams, and their goals with these platforms. However, many of these sites are not educational institutions themselves, but "lead generation" platforms. They collect your information, package it, and sell it to for-profit colleges or online education programs willing to pay to reach you. This is a controversial industry in itself. And now, it has been revealed just how insecurely the data collected by this industry can be stored. The victims are not just people whose data was stolen; they are individuals whose hopes and trust have also been shaken.

What You Can Do

Let's set aside cliché advice like "change your password." If you have filled out a form online to get information about a school, course, or certificate program in the last few years, it's safest to assume you may have been affected by this leak. Here are specific steps you can take for this situation:

  • Armor Up Against Phishing: The scammers now know a lot about you. They know what field you want to study and which schools you're interested in. Therefore, be extremely cautious of emails and SMS messages with subjects like "Financial Aid Offer from [School You Like]" or "Your Application Has Been Approved!". Check the sender's address ten times before clicking any links. Remember, no serious institution will ask for your password or financial information via email.
  • Lock Down Your Phone Line: Your phone number was also in the leak. This doesn't just mean annoying spam calls. Scammers can call your mobile operator, impersonate you, and have your SIM card copied to their own phone (SIM Swapping). If this happens, all SMS messages sent to your phone, including banking passwords, will go to them. Call your operator immediately and add an extra security PIN or password to your account.
  • Monitor Your Credit Reports: With your name, address, and date of birth, someone could apply for credit cards or take out loans in your name. Regularly check your credit reports through services like Experian, Equifax, or TransUnion. If you see any activity you don't recognize, contact the relevant bank and legal authorities immediately.
  • Question Your Data-Sharing Habits: The next time you enter information into a form online, ask yourself: "Who is this site? What will they do with my data? Do I have to share this information?" Not every request for information is legitimate. Think twice, especially if it's not the official website of a university (with a .edu domain) but a third-party marketing site.

What the Company Is Saying

According to UpGuard's report, TDM, the company operating the server that was the source of the leak, acted quickly after being notified. Following the notification on May 21, 2026, the server was secured within 24 hours by closing off access. This shows that the company took responsibility and closed the technical vulnerability. However, as of the time of writing, there has been no official public statement from TDM or related companies like The DataWorks, which collected the data, regarding the full scope of the leak, how long the data was exposed, or whether the one million affected individuals will be contacted. The companies' silence leaves the millions whose data was leaked waiting in uncertainty.

Source

https://www.upguard.com/breaches/rsync-tdm

Share This Article
X LinkedIn WhatsApp
← Previous Post Datavant to Pay $900K to Settle Data Breach Lawsuit Next Post → US Voter Data Leaked Millions at Risk

Weekly Newsletter

Curated data breach news delivered to your inbox every week.