In October, Montgomery County Public Schools in Maryland notified parents after one of their high schools in Naviance was hacked. At the time, the high school reported that it had suffered a brute force attack on October 3 that impacted 1,343 Naviance student accounts and one parent/guardian account at Wheaton High School.
On November 25, the district issued an updated report that revealed that further investigation had determined that the individual responsible for the incident at Wheaton High School (who had been identified as a student):
also accessed and downloaded information from students’ Naviance accounts at five additional MCPS schools. The schools impacted include: Wheaton High School, Montgomery Blair High School, Julius West Middle School, Argyle Middle School, Parkland Middle School, and A. Mario Loiederman Middle School.
The forensic examination revealed that investigators had found
evidence of additional attacks performed by the student against multiple MCPS Naviance platforms between September 12, 2019 and September 14, 2019. After further investigation, MCPS and MCPD determined that the student accessed a total of 5,962 accounts across six schools. The student downloaded the same demographic information that was downloaded from the Wheaton
High School accounts. The information accessed did not include social security numbers, banking information, or credit card information. At this time, MCPD does not believe that the student shared any accessed information with others. The student currently faces additional disciplinary action based on the expanded scope of the brute force attacks as well as possible criminal charges.
You can access the full updated incident report here.