hack laptop

Student Hacker Was Able To Breach Thousands of Student Accounts in Maryland District

Originally, the Montgomery County district thought the cyber attack was limited to one high school. But the hacker was able to obtain access to the accounts of over 5,000 students across six schools.

When a student hacker in a Washington, D.C. suburb was able to gain access to the personal data of fellow students in October, the district originally thought that the attack only extended to 1,344 students at one high school.

But it turns out that the student had access to the data of at least 5,962 user accounts from six schools, the Montgomery County Public School district announced on Nov. 25.

The district and the local police department have identified the hacker, who faces possible criminal charges. A forensic analysis of the student’s devices show that the hacker was able to execute a series of attacks in September gave the student data at other schools, which included four middle schools and one more high school. Only Wheaton High School was named in the original announcement of the cyber attack.

Police said that the data does not include any Social Security or financial information, and it does not appear that the suspect shared any of the data with third parties. The data sets did include student GPAs, standardized test scores, addresses, phone numbers and more.

Although the district was not aware of the September breaches until early November, the October attack was quickly picked up by Naviance. The platform automatically reset the passwords of the users whose data was hacked and blocked the IP address of the hacker from accessing the server.

Parents have been advised to request a free credit freeze from their credit bureau, making it difficult for a malicious actor to use the student’s information to open new accounts. In addition, parents can check their children’s credit reports for fraudulent accounts.

“MCPS is committed to safeguarding the privacy and security of our students, families, and staff and MCPS sincerely regrets that this incident has occurred,” the district said in its November memo. “MCPS takes this event very seriously and has implemented improvements to prevent such unauthorized access from happening again.”

Montgomery County is the same district where parents successfully pushed the district to agree to delete data collected on students at least once a year. The advocacy efforts were in motion before the recent data breach.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Buffalo Public School District Modernizes Security With New Cameras NVRs

    i-PRO Co., Ltd. (formerly Panasonic Security), a provider of professional security solutions for surveillance and public safety, recently announced that the Buffalo Public School District (BPSD) has modernized its security footprint with i-PRO multi-sensor and 360° fisheye network cameras, and i-PRO NV300 network video recorders (NVR). The BPSD serves 28,000 K-12 students out of 70 facilities in western New York. Read Now

  • Lessons Learned from Past School Shootings

    Two experts are working together and collaborating on new ways school campuses can develop a proactive and comprehensive security plan. For three consecutive years, the U.S has had a record-high number of school shootings resulting in a repetitive cycle of grievances, anger, and frustration. The U.S. had 344 school shootings in 2023 which surpassed the record-breaking number of 308 school shootings in 2022 as reported by K-12 School Shooting Database. Read Now

  • Mother of Michigan School Shooter Found Guilty on Four Counts of Involuntary Manslaughter

    The mother of the teenager who killed four students in an Oxford, Michigan school has been found guilty of four counts of involuntary manslaughter because of the shooting. That’s according to a report from CNN. Read Now

  • Utah State Legislature Funds Gun Detection Technology and Incident Management System in All Public K-12 Schools

    ZeroEyes, the creators of the only AI-based gun detection video analytics platform that holds the US Department of Homeland Security SAFETY Act Designation, and AEGIX Global, a Utah-based provider of industry-leading critical incident management services, recently announced that the Utah State Board of Education has approved a contract to provide the joint solution for all Utah public K-12 schools, including charter schools. Read Now

Webinars