Cybersecurity

Student hacker grabbed personal data of thousands of Maryland students

Now facing possible criminal charges, the student's activities have been revealed as more extensive than originally believed.

By Colin Wood

December 3, 2019

(Getty Images)

A brute-force hack in October in which a student gained access to the personal data of other students attending a public school district in Maryland was more extensive than originally thought, the district has announced.

Montgomery County Public Schools, a preK-12 district with 208 schools, announced last October that a Naviance system, an online platform for college and career readiness, was hacked by a student who gained access to the data of 1,344 students attending Wheaton High School. The district and the Montgomery County Police Department identified the student, who now faces possible criminal charges.

But on Nov. 25, the district released a second notice, explaining that police discovered the data breach actually extended to 5,962 user accounts across six schools. A forensic analysis of the suspect’s devices, the notice says, revealed that an initial series of attacks using the same technique in September granted the suspect access to data at other schools: Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School and A. Mario Loiederman Middle School.

Police have said they don’t believe the student shared any of the exposed data and that the data does not include Social Security or financial information. Rather, it included 18 other data sets, including student ethnicities, GPAs, standardized test scores, addresses and phone numbers.

While the September breaches went undetected until recently, the attack on Oct. 3 was quickly detected by Naviance, which, according to the district, blocked the IP address of the attacker and automatically reset the passwords of the affected users.

“MCPS is committed to safeguarding the privacy and security of our students, families, and staff and MCPS sincerely regrets that this incident has occurred. MCPS takes this event very seriously and has implemented improvements to prevent such unauthorized access from happening again,” the district’s recent notice says.

The district is telling parents to monitor student credit reports and freeze their credit through the credit bureaus.

Student hacker grabbed personal data of thousands of Maryland students

More Like This

North Carolina university adds maritime specialization to cyber program

Cal Poly to launch cybersecurity workforce development initiative

University of South Florida preparing new college for AI, cybersecurity

More Scoops

University students sue ticketing platform over data breach

Miami high schooler charged in DDoS attacks against district

College Board sold student data for 47 cents each, lawsuit claims

Mass email exposes personal data of Georgia Tech students, again

How to discuss student data privacy in your school and community

Students steal district data to gain edge in ‘Senior Water Games’

Los Angeles launches consolidated student data system

Latest Podcasts

Student hacker grabbed personal data of thousands of Maryland students

CIO Matt Gunkel on how gen AI is transforming UC Riverside

Finding the right place for generative AI in the classroom

New REN-ISAC director wants to build ‘trust community’

Higher Education

K-12

Cybersecurity

Hybrid Learning