Skip to content
Link copied to clipboard
Link copied to clipboard

Students hack into Chester County school district system for senior game, exposing student information

The district said the alleged hackers were students trying “to obtain student addresses to gain a competitive advantage for the senior water games."

A data breach at Downingtown Area School District exposed thousands of students' information.
A data breach at Downingtown Area School District exposed thousands of students' information.Read moreGoogle Images (custom credit)

A data breach of Downingtown Area School District’s college-preparatory program gave hackers access to thousands of students’ GPAs, SAT scores, and personal information.

The district, which has 17 schools and is one of the state’s largest, said it discovered attempted hacks into Naviance, a college and career resource website, on Oct. 11.

An investigation determined that the perpetrators obtained teacher-level access to district accounts, and then extracted student profile information, including student IDs, GPAs, and SAT scores, for the district’s more than 12,600 elementary, middle, and high school students, according to the district.

No social security numbers or credit card information for students or parents were accessed, the district said in a statement.

The district described the alleged hackers as students who said they were trying “to obtain student addresses to gain a competitive advantage for the senior water games," an intense type of tag-elimination game played outside of school.

“We understand that the students had no malicious intent to access the information,” a district spokesperson said. “But actions do have consequences.”

The district did not disclose additional information about the alleged hackers, citing privacy reasons, but said the students would be “severely punished.” The spokesperson didn’t describe any specific potential consequences and said that the district had not decided whether it would be pressing charges.

The district is continuing to investigate the incident, and said that all students and teachers were required to change passwords and that “modifications have and will continue to be made to our internal practices.”