Home > National > Social Affairs

Personal data of over 1,000 SNU students exposed for nearly 2 years, including whether they snore

Published: 18 Dec. 2025, 19:31

Seoul National University's Gwanak Dormitory in southern Seoul [SCREEN CAPTURE]

Personal information belonging to more than 1,000 undergraduate students who entered Seoul National University (SNU) last year was found to have been exposed online for nearly two years — including sensitive data such as their names, birth dates and socioeconomic status. SNU said it will report the incident to the relevant authorities and form an internal task force to address the matter.

The school discovered that data from 1,046 respondents to a Google Form used for recruiting participants for a pilot residential college program — the Living and Learning (LnL) project — in February last year had been publicly accessible online, the university’s Gwanak Residence Hall said in a notice posted on its website Thursday.

The exposed information included basic personal details such as email addresses, gender, full names, student ID numbers, phone numbers, college and department affiliations, nationality and date of birth. It also included sensitive data such as disability status, eligibility for basic livelihood support programs, home addresses, preferred bedtime, whether the person snores, hobbies and reasons for applying to the program. However, SNU clarified that financial data, resident registration numbers and passwords were not collected and therefore not exposed.

The breach went unnoticed by the university for nearly two years until the presidents’ council of student governments uncovered the issue while reviewing documents related to the LnL project. According to the council, the vulnerability was discovered during a document review, when it became apparent that anyone with the link could access the personal data. The group immediately notified the university administration.

The Google Form used to collect applicants for Seoul National University's Living and Learning (LnL) program, deleted as of Dec. 18, 2025 [SCREEN CAPTURE]

"We were informed of the situation at 5:51 p.m. on Dec. 17 and blocked access to the system and deleted the data by 6:20 p.m.," said the office. “We will report the incident to personal data protection authorities and begin a joint investigation with a cybersecurity firm.”

“In accordance with data breach reporting procedures, we will notify the Ministry of Education and either the Personal Information Protection Commission or the Korea Internet & Security Agency. The university will also form an emergency task force to respond to the situation,” added the office. Under Korea’s Personal Information Protection Act, data handlers must report breaches involving 1,000 or more individuals within 72 hours of discovery.

Students expressed anxiety following the announcement. “All I did was apply for a dormitory, and now my personal data has been leaked — it’s shocking,” said a 19-year-old student who participated in the LnL pilot program last year. “I’m worried that my phone number could be used for phishing scams or other crimes.”

A notice is posted on Seoul National University's Gwanak Domitory, apologizing for the leak of some 1,000 undergraduate students' data, on Dec. 18, 2025. [SCREEN CAPTURE]

“There have been other cases where the residence hall collected data through Google Forms," said another participant, a 21-year-old student who joined the program both last year and this year. "I’m concerned that something similar could happen again.”

In response, the residence hall explained that the issue arose because the LnL program was still in its pilot stage and lacked a proper student support system. The program has since become a regular offering and now uses an integrated administrative system, according to the school.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY LEE GYU-RIM, KIM CHANG-YONG [[email protected]]