District Data Breach Leads to Prison Time

A Washington State man has been sentenced to 10 years in prison after pleading guilty to 31 counts of criminal activity, most related to a school district data breach. Christopher Berge, now 21, was a student at Mountain View High School in Evergreen Public Schools when he "shoulder surfed"--physically observed--a password used by a district employee.

Berge later used the password to gain access to the district's student information system, hosted by the Washington School Information Processing Cooperative (WSIPC). From there, he was able to gain access to the payroll data of another district in the state, Vancouver Public Schools. That data included bank account information, Social Security numbers, and birthdates of 5,000 current and former school district employees, according to documents posted on the Vancouver district's Web site.

Berge attempted to use those details to alter bank account information, create checks, and request and use credit cards. He also attempted to change payroll information within the system but was unsuccessful in those efforts. Berge was arrested in November 2009, according to local newspaper coverage, after attempting to use one of the fake checks at a local store.

The Vancouver district put fraud prevention and resolution services in place for those affected. The cost of those measures--$62,000--was subsequently reimbursed by the cooperative. WSIPC provides IT services to 290 districts and schools in Washington.

The superintendent of the Vancouver district, Steve Webb, asserted in a letter to the community that the district also suffered "damage to our reputation with the public and our employees. Hundreds of hours were spent investigating the extent of the compromised data and developing the plans and procedures to protect staff from further exposure to fraud.... District staff also spent countless hours working with financial institutions, answering employee questions, and preparing internal and external communications. It is impossible to measure lost productivity as employees worried about their financial security and worked to change bank account and payroll information."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • Pattern of desks with interconnected circles, triangles, and lines

    Classroom Furniture Giveaway Seeks Dream Learning Space Design

    Educators have a chance to design their ideal K-12 learning space in a contest recently announced by classroom furniture manufacturer KI.

  • futuristic crystal ball with holographic data projections

    Call for Opinions: 2025 Predictions for Education IT

    How will the technology landscape in education change in the coming year? We're inviting our readership to weigh in with their predictions, wishes, or worries for 2025.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • sleek fishing hook with a translucent email icon hanging from it

    Phishing-as-a-Service Attacks on the Rise, Report Warns

    Cybersecurity researchers at Trustwave have identified a surge in malicious e-mail campaigns leveraging Rockstar 2FA, a phishing-as-a-service (PhaaS) toolkit designed to steal Microsoft 365 credentials.