Personal information of more than 1,300 students at Wheaton High School was exposed early this month.
A Montgomery County Public Schools student hacked into an online “college and career readiness program that supports MCPS students” as they develop plans for after high school, according to a statement posted online by the school district.
The student, who MCPS officials did not name because they are a minor, determined the user name and password for the program, Naviance. The student downloaded data including SAT scores, GPAs, personal information, student IDs, phone numbers and email addresses of 1,344 students.
The information did not include Social Security numbers, banking information or credit card information, according to the MCPS statement.
The Washington Post first reported the data breach Tuesday evening.
The student tried “many username and password combinations” before finding the correct combination, the letter said. The “sequential brute force attack” occurred on Oct. 3.
Naviance notified MCPS the next day.
The student who allegedly broke in was identified on Oct. 7 and “faces disciplinary action as determined by local school administrators.” Criminal charges have not been filed, but could be filed later, according to the statement.
The student told school officials and police he shared the data with other students. Police confiscated the suspect’s technology devices.
In response to the data attack, all Naviance users at the school were directed to reset their passwords.
MCPS spokesman Derek Turner could not be reached for further comment Wednesday morning.
Caitlynn Peetz can be reached at firstname.lastname@example.org