DOWNINGTOWN, Pa. (CBS) — A student prank went too far after personal information belonging to dozens of students was hacked. The data breach was first detected at the Downingtown Area School District last week.
District officials say it was a student who hacked the system. They say the breach is now contained and students’ information was not manipulated in any way.
“It makes me kind of nervous knowing somebody can hack into our school system,” student Holly Griswold said.
“An attack like this is an attack not only on the school district, but it’s also an attack on our students and their families,” school district official Jennifer Shealy said.
The breach was first discovered on Oct. 11.
Officials say a student used coding methods to gain access to a student portal called Naviance. The website helps students with their post-high school plans.
“It looks like it was what we call an account takeover, so the hacker was able to get teachers’ login information and from there they could access all the students’ information,” said Maya Levine, a security engineer with Check Point Software.
October is Cybersecurity Awareness Month. Levine says everyone should take precautions.
“What individuals can do to protect against that are pretty simple things — have a strong password and change it as frequently as you can,” Levine said.
A school district spokesperson says the hacker gained access to a range of private information: student identifications, grade point averages, addresses, phone numbers, genders and ethnicities.
Officials say the attack wasn’t malicious.
They say a student wanted to gain a competitive advantage in a game known as Senior Water Games, where students go around town shooting water guns at each other.
“I trust my school district and I trust that they’re handling it and I trust they’re keeping our information confidential, and I know they have a handle on things,” student Rema Refej said.
In addition to individuals changing their passwords, the district says it is also modifying its internal systems to prevent another breach.