Nearly 6K students info reportedly compromised in Montgomery County schools data breach
MONTGOMERY COUNTY, Md. (WJLA) — A Montgomery County Public Schools data breach performed by a student may have compromised information for nearly 6,000 students.
According to MCPS officials, the data breach was first revealed in October and has become worse. The incidents occurred with a company called Naviance which a college and career readiness program that supports MCPS students in exploring and developing their postsecondary plans.
An investigation of a data security incident affecting Naviance accounts at Wheaton High, MCPS officials and Montgomery County Police determined that the person responsible for the incident at Wheaton High School also accessed and downloaded information from students' accounts at five other MCPS schools.
The schools impacted by the data breach are Wheaton High School, Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School, and A-Mario Loiederman Middle School.
School officials say a student attack against Wheaton High School's Naviance platform to gain access to user account information. The student obtained access to 1,344 accounts and downloaded demographic info from those accounts.
MCPS and Montgomery County Police identified the student responsible for the incident and authorities took the student's laptop and iPhone for their investigation. The student is facing disciplinary action and possible criminal charges.
According to MCPS, Naviance notified the school system on Oct. 4, 2019, about a data security incident that happened on Oct. 3, 2019, affecting over 1,300 Naviance student accounts and a parent/guardian account at Wheaton High School.
The data attack led to Naviance having to reset the passers of account holders impacted.
In November, Montgomery County Police and MCPS officials found evidence that the student performed the data attacks towards multiple MCPS Naviance platforms over two days in September.
Police and school officials also discovered that the student accessed approximately 5,962 accounts over six schools. The student downloaded the same demographic information that was downloaded from the Wheaton High School student accounts, according to MCPS.
Information accessed in the data breach didn't include social security numbers, banking information, or credit card information. Additionally, investigators do not believe the student shared any of the information with other people.
In response to the data breach, MCPS forced a school-district-wide password reset for all Naviance student accounts to prevent additional unauthorized access to account information.
