The 15 year-old Pennsylvania student breached security on the network, which belongs to the local education authority, and retrieved names, addresses and social security numbers.
Police said on Wednesday they had arrested the student, who could not be named because of their age, and charged them with four offences of unlawful duplication and theft.
The authority, Downington Area School District, said it thought the hack, which took place on 9 May, was motivated by wanting to gain access to the system for "irresponsible interest", rather than for criminal intent. Police believe the stolen data was passed by the hacker to just one schoolfriend.
The student has been sent home and had their computer and flash drive seized by police. They will later face the four charges in a juvenile court.
It's not the first time the authority has been hacked by a youngster. A 16 year-old successfully broke into its network in December last year before decrypting a file using password cracking software. Since then, students have managed to circumvent the authority's filtering software, Websense, in order to download games to school servers.
In a statement, the authority said it would tighten its security by segregating its central server from the rest of the network. It added that it would remove generic login permissions, which it had offered to members of the community attending school workshops. It also said it would review its logging and auditing procedures.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
