GVM Technologies, an educational consulting company operating internationally under the name GradSmart, has allegedly suffered a data breach stemming from a misconfigured cloud database. The incident reportedly involved an unsecured MongoDB instance lacking an IP whitelist and containing plaintext credentials in environment files, allowing an unauthorized party to access and exfiltrate sensitive student information.
According to the actor, the exposed database contains over 2,000 student records primarily related to study abroad programs in the USA, UK, and Canada. The allegedly compromised data includes:
-
Full names
-
Email addresses
-
Mobile phone numbers
-
Physical addresses
-
Dates of birth
-
Passport numbers (at least 205 instances)
-
Parent contact information
-
Study abroad destinations, target intakes, and university preferences
-
IELTS and PTE test scores
-
Visa application statuses
-
Academic and employment history
Daily Dark WebRead More
R1
T1
