Student Hacker Was Able To Breach Thousands of Student Accounts in Maryland District -- Campus Security Today

Student Hacker Was Able To Breach Thousands of Student Accounts in Maryland District

Originally, the Montgomery County district thought the cyber attack was limited to one high school. But the hacker was able to obtain access to the accounts of over 5,000 students across six schools.

By Haley Samsel
December 17, 2019

When a student hacker in a Washington, D.C. suburb was able to gain access to the personal data of fellow students in October, the district originally thought that the attack only extended to 1,344 students at one high school.

But it turns out that the student had access to the data of at least 5,962 user accounts from six schools, the Montgomery County Public School district announced on Nov. 25.

The district and the local police department have identified the hacker, who faces possible criminal charges. A forensic analysis of the student’s devices show that the hacker was able to execute a series of attacks in September gave the student data at other schools, which included four middle schools and one more high school. Only Wheaton High School was named in the original announcement of the cyber attack.

Police said that the data does not include any Social Security or financial information, and it does not appear that the suspect shared any of the data with third parties. The data sets did include student GPAs, standardized test scores, addresses, phone numbers and more.

Although the district was not aware of the September breaches until early November, the October attack was quickly picked up by Naviance. The platform automatically reset the passwords of the users whose data was hacked and blocked the IP address of the hacker from accessing the server.

Parents have been advised to request a free credit freeze from their credit bureau, making it difficult for a malicious actor to use the student’s information to open new accounts. In addition, parents can check their children’s credit reports for fraudulent accounts.

“MCPS is committed to safeguarding the privacy and security of our students, families, and staff and MCPS sincerely regrets that this incident has occurred,” the district said in its November memo. “MCPS takes this event very seriously and has implemented improvements to prevent such unauthorized access from happening again.”

Montgomery County is the same district where parents successfully pushed the district to agree to delete data collected on students at least once a year. The advocacy efforts were in motion before the recent data breach.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Shooter Detection Systems Joins Partner Alliance for Safe Schools to Strengthen School Safety Efforts
04/08/2024
Parents are Part of School Security, Too
03/19/2024
Enhancing School Safety
03/15/2024
Access Control Trends
03/14/2024

Featured

California School District Modernizes Surveillance System

i-PRO Co., Ltd. (formerly Panasonic Security), a provider of professional security solutions for surveillance and public safety, recently announced that the Murietta Valley Unified School District (MVUSD) in Riverside County, CA, has undertaken a project to modernize its first-generation surveillance system to new high-resolution i-PRO network cameras, and the i-PRO Video Insight video management system (VMS). Read Now
- Video Surveillance
RAD Makes History with First Robotic Dog Deployed to Taylor Police Department

Robotic Assistance Devices, Inc. (RAD), a subsidiary of Artificial Intelligence Technology Solutions, Inc., recently announced that it has delivered a RADDOG LE to the Taylor, Michigan Police Department. The delivery of RADDOG LE to the Taylor Police Department marks a historic moment in the integration of technology within law enforcement. This milestone underscores RAD’s commitment to revolutionizing the landscape of security and public safety through cutting-edge AI-powered, robotic solutions. Read Now
- Facility Security
Passing the Test

The discussion about secured access and access control for higher education and K-12 is continuously expanding and evolving. That is a good thing. The more knowledge we gain and the more solutions that become available, linked and interoperable, the better and higher the level of security and safety. Read Now
- Access Control
Driving a Major Shift

One of the driving forces for change has been the high demand for unified solutions. Users are asking their vendors for a way to manage all their security systems through a single interface, from a single pane. This has led to a flurry of software development to seamlessly integrate access control systems with video surveillance, intrusion detection, visitor management, health monitoring, analytics with artificial intelligence (AI), and more. Read Now
- Video Surveillance

Webinars

Hanwha Techwin, Salient Systems, Evolv Technology, Omnilert, Eagle Eye Networks Inc, Traka ASSA ABLOY, i-PRO Americas Inc., Digital Watchdog, IPVideo Corporation, ProdataKey

Exploring Multiple Facets of Campus Security Summit
SparkCognition

How Visual AI Is Transforming the Conventional School Safety Model
Omnilert, Salient Systems, IPVideo Corporation, Hanwha Vision (formerly Hanwha Techwin), Evolv Technology, i-PRO Americas Inc., Arcules, Rave Mobile Safety, a Motorola Solutions Company

Providing Notification to the Masses

Whitepapers

Metrasens

Case Study | Creating a Welcoming and Safe Experience for School Events
ProVision

Guide to Body Cameras for Campus Security
Omnilert

Guide to Evaluating Gun Detection Technology