15-Year-Old Steals Data on 55,000 People in School District Hack
And school isn’t even out for the summer yet: A 15-year-old student allegedly hacked into his Chester County, Pa., high school’s computer network and stole personal information on 55,000 people.
The student, who attends the county’s Downingtown West High School, reportedly used a flash drive to siphon off the names, addresses, and Social Security numbers of around 15,000 students and school employees and members of the community. According to the Downingtown Area School District, the student used a classroom computer during study hall time to illegally access the information, and later shared it with another student.
Even worse, this is the second time since December that a student has broken into the Downingtown Area School District’s computers, even after school officials said they had improved security in the wake of the last breach. In the December hack, a 16-year-old student used a password-cracking tool to open an encrypted file he had surreptitiously downloaded. That student was charged with a felony, and the school district has since been in the process of revamping its access management processes and systems.
School officials maintain that in both cases, the students involved in the breaches didn’t do so for identity theft purposes, but rather were “motivated by an irresponsible interest in determining whether they could infiltrate the network and circumvent the safeguards.”
The 15-year-old hacker in the latest case has been charged with three felonies and a misdemeanor for the hack, and is currently in the custody of his parents. Police investigators said in a press release that they don’t think the data went beyond the student and the classmate with whom he shared the data. “Our investigation at this point does not indicate that the personal information breached was sold or otherwise mass distributed,” according to a press release issued by the Downingtown Police Department, which is investigating the hack.
Meanwhile, the school district says it’s taking measures to better lock down its Central Office server, including further limiting user access and eliminating generic log-in permissions it had offered to community members attending school district workshops. It’s also holding a public meeting next week on cyber security, which will include presentations by the U.S. Secret Service and a security expert.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024