By searching student names or entering a search query related to graduate program applications in search engines, users could access, view and download hundreds of letters of recommendation for applicants to UW-Madison graduate programs.
Though the issue appears fixed on Google as of Thursday evening, searching the same queries in search engine DuckDuckGo shows personal email addresses and other sensitive information about students.
Clicking on the page links to recommendation letters now shows UW-Madison’s online recommendation application is “down for a critical patch.”
It’s unclear how long the security flaw has been in place and the extent of letters affected. Searches conducted by The Daily Cardinal indicate there were accessible letters for applicants across nearly all UW-Madison graduate programs.