And school isn’t even out for the summer yet: A 15-year-old student allegedly hacked into his Chester County, Pa., high school’s computer network and stole personal information on 55,000 people.

The student, who attends the county’s Downingtown West High School, reportedly used a flash drive to siphon off the names, addresses, and Social Security numbers of around 15,000 students and school employees and members of the community. According to the Downingtown Area School District, the student used a classroom computer during study hall time to illegally access the information, and later shared it with another student.

Even worse, this is the second time since December that a student has broken into the Downingtown Area School District’s computers, even after school officials said they had improved security in the wake of the last breach. In the December hack, a 16-year-old student used a password-cracking tool to open an encrypted file he had surreptitiously downloaded. That student was charged with a felony, and the school district has since been in the process of revamping its access management processes and systems.

School officials maintain that in both cases, the students involved in the breaches didn’t do so for identity theft purposes, but rather were “motivated by an irresponsible interest in determining whether they could infiltrate the network and circumvent the safeguards.”

The 15-year-old hacker in the latest case has been charged with three felonies and a misdemeanor for the hack, and is currently in the custody of his parents. Police investigators said in a press release that they don’t think the data went beyond the student and the classmate with whom he shared the data. “Our investigation at this point does not indicate that the personal information breached was sold or otherwise mass distributed,” according to a press release issued by the Downingtown Police Department, which is investigating the hack.

Meanwhile, the school district says it’s taking measures to better lock down its Central Office server, including further limiting user access and eliminating generic log-in permissions it had offered to community members attending school district workshops. It’s also holding a public meeting next week on cyber security, which will include presentations by the U.S. Secret Service and a security expert.

— Kelly Jackson Higgins, Senior Editor, Dark Reading