Needham schools say system was breached

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.boston.com/news/education/k_12/articles/2008/08/26/needham_schools_say_system_was_breached/

By Peter Schworm
Globe Staff
August 26, 2008

A junior at Needham High School posted students' schedules and 
identification numbers and teachers' classroom rosters on his Facebook 
account after hacking into an online student information system, school 
officials said yesterday.

In an e-mail sent yesterday morning to high school parents, principal Paul 
Richards and the district's superintendent, Dan Gutekanst, said the 
student admitted he had obtained and posted the information after learning 
part of a teacher's password, then developing a program to penetrate the 
system. The student posted the information as an Excel file that was 
e-mailed among other students.

"As you might imagine, this is a serious breach of our system and will 
require significant work to determine how to prevent this from happening 
again," stated the e-mail to parents.

Students who accessed the information notified school officials about the 
breach, and Richards talked to the alleged hacker. The student did not 
alter any information, Richards said. School officials did not release the 
boy's name.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml