Schools Data Breach: Nearly 6,000 Students' Personal Info Stolen

WHEATON, MD — A Montgomery County Public Schools data breach has compromised the personal information of nearly 6,000 students, according to officials.

School administrators and county police believe a student was behind the attack, but have not released a name. They accuse the student of downloading personal data — including GPAs, SAT scores, and phone numbers — linked to 5,962 Naviance accounts.

Naviance, an online college and career preparedness program used by Montgomery County students, first alerted the school system of a data breach in early October, officials said. The unauthorized user allegedly attempted many username and password combinations before eventually gaining access to 1,343 Naviance student accounts at Wheaton High School.

But the data breach was much bigger.

According to a statement posted online by the school system, the student accessed a total of 5,962 accounts across six schools. The schools affected include: Wheaton High School, Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School, and A. Mario Loiederman Middle School.

"On November 6, 2019, MCPD notified MCPS that they had completed a forensics analysis of the student's devices and that they found evidence of additional attacks performed by the student against multiple MCPS Naviance platforms between September 12, 2019 and September 14, 2019," officials said.

The information that the student accessed did not include Social Security numbers or banking information. Police do not believe that the suspect shared other people's personal information.

The student, school officials say, "faces additional disciplinary action based on the expanded scope of the brute force attacks, as well as possible criminal charges."

In response to the alleged attack, the school district has ordered all students to reset their passwords.

"MCPS is committed to safeguarding the privacy and security of our students, families, and staff and MCPS sincerely regrets that this incident has occurred. MCPS takes this event very seriously and has implemented improvements to prevent such unauthorized access from happening again," officials said.