Students at a Pennsylvania high school are being questioned by police after allegedly hacking into a school website to gain a competitive edge in a high-stakes water gun fight.
A breach of student college and career resource website Naviance was discovered by the Downington Area School District on October 11. An investigation by the district revealed that 12,600 students' addresses, ID numbers, grade point averages (GPAs), and SAT scores had been compromised.
Downington East High School became aware of the breach after a Top 50 GPA list began circulating around the school. The Downington Area School District notified police of the breach last Tuesday and sent a letter out to parents last Thursday.
In the letter, the district alleged that the hack was committed by a group of Downington East High School students seeking victory in a water gun fight played outside of school. The game, which is known as "senior water games" or "assassin," usually involves a cash payout to the winner.
According to the district, the students hacked into Naviance to access the home addresses of other students playing the water fight game.
"No information was altered or manipulated in any way. There are no social security numbers for students or parents in any of our systems. No credit card information is stored in these systems, and no credit card information was compromised," wrote the district.
Multiple students are currently being questioned over the breach.
"The consequences for these young individuals [are] likely to be severe. Cyber-hacking is a federal crime, and we are working with the proper authorities to determine the appropriate discipline and legal ramifications," wrote the district.
In a statement released on Friday, Uwchlan Township Police Department said: "Based on the investigation by the Downingtown Area School District, and the ongoing investigation of the Uwchlan Township Police Department, determinations will be forthcoming as it pertains to any and all criminal charges for those who are responsible."
Commenting on the breach, Mike Gauntlett wrote on Facebook: "It's a shame that the school would involve the police for a matter like this, when traditionally this sort of thing would have been handled via detention.
"Based on the letter from the DASD IT Director, it seems that DASD was not following standard best practices to secure student data, making this sort of hack all but inevitable. Further, there has been no communication from the district indicating that they have taken action to fix these issues, making it almost certain that this will happen again in the future."