Business school hopefuls who tried to gain access to application files rejected

The Graduate School of Business has rejected all 41 applicants who tried to gain unauthorized access to their application files after an unidentified hacker posted instructions on BusinessWeek's website March 2 about how to access the confidential information.

Robert L. Joss, dean of the school, issued a statement April 1 saying that, after "careful consideration of each individual case," the school decided to admit none of the prospective students.

The hacking incident has had national repercussions, with Harvard announcing March 7, five days after the security breach occurred, that it would reject all 119 applicants who tried to gain unauthorized access. Carnegie Mellon's Tepper School of Business also quickly rejected one applicant involved. Initially, Stanford, MIT, Duke and Dartmouth officials reacted more cautiously, saying that they wanted to evaluate applicants on a case-by-case basis.

Despite gaining access to their files, none of the Stanford applicants succeeded in obtaining information about his or her status because admission decisions had not yet been posted to ApplyYourself, the online application and notification program used by the targeted schools. Later, MIT's Sloan School of Management decided to reject all 32 of its affected applicants, and Duke's Fuqua School of Business turned down the one person who attempted unauthorized access. Dartmouth's Tuck School of Business was the only institution that, despite the breach weighing as a strong negative factor, decided to accept a small number of applicants, although it rejected most of the 17 electronic intruders. Gina Place, assistant director of public relations at Tuck, said so far none of those admitted have accepted the school's offer.

According to Joss's statement, the Stanford Graduate School of Business asked the 41 applicants whose ApplyYourself accounts had been breached to explain their actions. "We reviewed each individual statement that was submitted to determine whether the applicant had undertaken the action, and if so, what was his/her intent," the statement read. "Not all of the candidates were otherwise competitive for admission. Of the competitive applicants, none of those who gained unauthorized access was able to explain his/her actions to our satisfaction. This was then a negative factor in our decision-making."

Joss noted that while Stanford was dismayed by the actions of the candidates who tried to gain unauthorized access, it "did not rush to judgment given the limited information available to us initially. By carefully reviewing the file of each applicant involved in these incidents, we upheld the business school's values while treating each applicant fairly. As an educational institution, we hope that the applicants involved in this incident might learn from their experience."