MONTGOMERY COUNTY, Md. — Montgomery County School officials announced that several of their schools have been affected by a data breach.
School officials said they were originally notified of the data security incident in October. The incident happened through Naviance, the school system's online college and career readiness program for MCPS students interested in postsecondary plans.
Naviance reported to MCPS Oct. 4 that around 1,300 student accounts and one parent/guardian account at Wheaton High School was compromised. It was reported that an unauthorized user conducted a "brute force" attack against the high school's Naviance platform to access accounts.
Information such as names, email addresses, date of births, phone numbers, student ID numbers, GPA, highest SAT, PSAT, ACT and IB scores were all accessed.
"MCPS is committed to safeguarding the privacy and security of our students, families, and staff and MCPS sincerely regrets that this incident has occurred. MCPS takes this event very seriously and has implemented improvements to prevent such unauthorized access from happening again," MCPS said in a statement. "Additional information regarding this data security incident is provided below. We will continue to be forthcoming with any relevant information."
MCPS and Montgomery County Police were able to identify the person behind the attacks. They learned that it was a student who was responsible for the unauthorized brute force attack to gain access to the accounts. Authorities confiscated the student's phone and laptop as part of the investigation and discovered 5,962 additional accounts across six schools made from Sept. 12 to 14.
The schools impacted are Wheaton High School, Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School and A. Mario Loiederman Middle School.
Police believe the student didn't share any of the accessed accounts with other people. MCPS has conducted a password reset for all Naviance student accounts in an effort to secures accounts from additional unauthorized access.
With the release of this information, MCPS officials are asking parents and guardians to take steps to ensure that their child's identity is secure. They advise parents to request a credit freeze, check their child's credit reports, and to review their child's information on Child Identity Theft from the Federal Trade Commission.
The student accused of the breach is facing disciplinary actions with the school system along with possible criminal charges.
For more information about the data breach, MCPS officials ask that questions or concerns regarding the incident be directed through email at information_security@mcpsmd.net.