Personal information, SAT scores and GPAs of nearly 1,350 students at a suburban Maryland high school were exposed after a student figured out the username and password needed to access the data.
The student allegedly downloaded demographic data October 3 associated with Wheaton High School students’ accounts on Naviance.
Montgomery County Public Schools, said the student wrote a program or algorithm that tried various combinations of usernames and passwords.
The student does not attend Wheaton High, and Turner declined to identify the student because the person is a minor.
TPRM report: https://scoringcyber.rankiteo.com/company/maryland-high-school-gujranwala
"id": "mar03917423",
"linkid": "maryland-high-school-gujranwala",
"type": "Data Leak",
"date": "10/2019",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 1350,
'industry': 'Education',
'location': 'Maryland',
'name': 'Wheaton High School',
'type': 'Educational Institution'}],
'attack_vector': 'Brute Force',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 1350,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'SAT Scores',
'GPAs']},
'date_detected': '2023-10-03',
'description': 'Personal information, SAT scores and GPAs of nearly 1,350 '
'students at a suburban Maryland high school were exposed '
'after a student figured out the username and password needed '
'to access the data.',
'impact': {'data_compromised': ['Personal Information', 'SAT Scores', 'GPAs'],
'systems_affected': ['Naviance']},
'initial_access_broker': {'entry_point': 'Naviance Accounts'},
'motivation': 'Unspecified',
'post_incident_analysis': {'root_causes': 'Weak Username and Password '
'Combinations'},
'threat_actor': 'Student',
'title': 'Data Breach at Wheaton High School',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak Username and Password Combinations'}