US test preparatory firm The Princeton Review accidentally published test scores and other private information of tens of thousands of Florida students on its web site, which were displayed for seven weeks before anybody noticed.
And unfortunately for The Princeton Review, it was a rival test-prep company who discovered them while doing competitive research, gleefully contacting The New York Times with web addresses containing exam scores, ethnicities, learning disabilities and a host of educational materials and internal communications data.
The error seems to have come about due to an oversight in configuring the website, meaning anyone could basically type in a simple web address and be allowed access to files on the company's private network.
The Princeton Review admitted that the content should have been protected by a password, but that it might have been lost when moving to a new ISP in June.
The company's chief operating officer, Stephen Richards, said: "As soon as I found out about this security issue we acted immediately to shut down any access to this information.
"The Princeton Review takes internet privacy seriously, and we are currently conducting a review of all of our procedures."
Article continues below