Student Reports Intentional Security Breach in Greenville County

• By Dian Schaffhauser
• 10/14/08

A student at a high school in South Carolina recently informed the district's technology services department that he was able to bypass security controls to gain unauthorized access to a district file server containing students' names, addresses, Medicaid ID numbers, and Social Security numbers.

The student attends Riverside High School in the Greenville County Schools district. According to a statement on the district's site, the student reported the security breach Sept. 26.

The district said there was no evidence to indicate that any data was transmitted to any other person or used in any manner. "Although we have no indication that any misuse has occurred, as a precaution we are informing our students and parents of this situation," the district said.

The student provided IT personnel the portable storage device to which he had downloaded the information and a written statement that he had neither shared nor reproduced that information. The IT staff initiated the district's incident response procedures, which includes investigation of the incident by staff information security personnel and referral to the Greenville County Sheriff's Department Investigations Division.

Law enforcement and the school district are conducting separate ongoing investigations. The results of the district investigation, the district said, will determine any school disciplinary action.