The online hacker group 4chan was able to discover the password for the system and post it on its message board, enabling 4chan users to infiltrate the Genesis Student Information System used by the Plainfield, New Jersey, school district, according to a report by ComputerWorld. The Genesis system is used to manage student records and communicate with students and parents.
It is not clear whether any information was stolen, but the 4chan users posted screenshots showing how they were able to manipulate the school’s Genesis system. One screenshot showed lunch prices reset to $9000 per meal. Another post said that “every class is now elective, and requires only 1 credit to graduate”, according to the report.
The school district admitted to the breach in a Jan. 22 announcement posted on it website, which said that “there were unauthorized breaches of one of the District’s computer systems in an attempt to vandalize electronic data and to disrupt school district operations. There has been no permanent damage to the electronic files and steps are being taken to remedy the situation and further secure the system. It is important to note that social security numbers or credit card information maintained on our system were not compromised.”
Genesis said it fixed the problem and posted a brief note offering customers these password protection tips: “Please remember to refresh your security practices. It is good policy to have all users change their password at the start of the year. Be sure that you don't have any easy to guess common passwords. To prevent break-ins, set lockout parameters to disable a login after sequential incorrect login attempts. Time out users after a reasonable period of inactivity.”
The school district’s interim superintendent, Anna Belin-Pyles, said that law enforcement had been contacted and “any culpable parties will be prosecuted to the full extent of the law.”