ROCKVILLE, Md. (WDVM) — Back in October, we reported that personal information of nearly 2,000 students from Montgomery County Public Schools have been compromised due to a data breach, but a recent investigation reveals that number has grown.
Nearly 6,000 students’ personal information have been leaked including GPA’s, SAT scores, addresses and phone numbers. The information was stolen after a student hacked into a college prep system called Naviance.
“They did this in two different attacks, one that took place in September and one that took place in October,” said Maya Levine, Check Point Software, security engineer.
School officials have not released the name of the student behind this attack, but a total of six schools across Montgomery County have been affected including Wheaton High School, Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School, and A. Mario Loiederman Middle School. An expert from Check Point Software explains how the student managed to commit a brute force attack on their own school district.
“This is when you take multiple password and username combinations and you keep guessing with different combinations until you manage to find one that grants you access to the system,” said Levine.
Montgomery County Public School officials released a statement saying they forced a district-wide password reset for all Naviance student accounts to prevent any further unauthorized access. They also required students to reset all their passwords. To prevent future attacks, experts suggest a stronger system to block users after a certain amount of failed attempts, always require changing passwords frequently, and always remain vigilant.
The information that the student accessed did not include social security numbers or bank account information.