Leverage EDU, a university admission platform, has suffered a data breach that exposed almost 240,000 sensitive files including students’ passports, financial documents, certificates, and exam results.
The breach was discovered by the Cybernews research team who found that Leverage EDU had leaked extremely sensitive data due to the misconfiguration of their systems. This meant that anybody could access all of the student’s personal information needed to apply to universities without authentication.
Leverage EDU is a one-stop admission platform for students seeking to study abroad. It claims to have a network of over 650 educational institutions worldwide and 80 million users over the last year. With branches throughout India, the company has quadrupled its workforce since the pandemic and secured $22 million in funding from international investors. It runs offices in the UK and Australia.
The leaked data included degree certificates, student report cards, exam results, CVs, and filled application forms, along with phone numbers, emails, and home addresses.
Personal identification documents such as passport photos belonging to students and their parents were also among the leaked data, as well as users’ financial information, including bank statements, student loan documents, loan co-signers’ identification documents, and payslips.
The breach poses a serious threat as a malicious actor could have exploited the leaked personal data to commit identity theft and fraud. Cybernews advises always securing cloud storage buckets to prevent such data leaks. Affected users should monitor their financial accounts for any suspicious activities and should exercise caution when receiving messages, avoid clicking links, and verify information in suspicious emails via trusted sources before taking action.
Victims of the breach should contact the government branches responsible for issuing those documents, ask for them to be invalidated, and for new documents to be issued. Leverage EDU has confirmed that the problem has been solved and that an investigation of their systems is underway.
