Questions remain regarding hacking of Plainfield student database
By MARK SPIVEY
STAFF WRITER
PLAINFIELD - Local schools officials are remaining tight-lipped about how the Board of Education's student database last week was accessed by anonymous users of a popular website, resulting in a digital vandalism spree that now has the district scrambling to upgrade its Web security.
Just a small handful of people attended a special informational board meeting on the subject Thursday night, when much of the city continued to dig its way out from underneath about 18 inches of snow. But officials admitted that parents have expressed alarm about the security of student information ever since a username and password to access the district's Genesis database was posted to 4chan.org, an imageboard-based chat website. Website users subsequently changed school lunch prices to $9,000, sent out an emergency broadcast message via e-mail and even deleted the transcripts of all students in ninth through 12th grade before the vandalism was uncovered and order was restored.
The Genesis system keeps track of student registration, attendance, grading, conduct and scheduling, among other functions, district information technology staff explained Thursday. About 700 district employees, including principals, secretaries, nurses and others, have access to the database, while a "parents' portal" currently has more than 500 registered users.
But only certain employees have the type of custodial access to the database that would allow for the vandalism that recently took place, officials added. Interim schools Superintendent Anna Belin-Pyles declined to say how many district employees have such access, nor would she comment about how the username and password may have been obtained, the number of people believed to have been responsible for the vandalism or even what law-enforcement agency the district is working with in an attempt to bring those people to justice.
Belin-Pyles also defended herself from criticism that the district took too long to release a statement about the vandalism, which took place during the evening of Jan. 18. It wasn't until Jan. 22 that a six-sentence statement addressing the incident was posted on the district's website.
"You want to do a thorough job before you release information to the public," Belin-Pyles said. "We just want to ensure that this never happens again."
Staff access to the database was fully restored by last weekend, officials said, while parent access is slated to be restored by Monday.
A Genesis representative initially was expected to attend Thursday's meeting, but Board President Lisa Logan-Leach said the Jamesburg-based company declined to send someone after consulting with its attorneys. District IT Coordinator Gary Bloom explained that while the vandalism might have looked bad initially, no data was lost permanently, and measures are being put in place to decrease the odds that it will happen again. Those measures include, among others, updating the district's password policy and educating all employees about proper password protocol, Bloom said.
"Safeguarding information regarding our students, our staff and all our stakeholders is of paramount importance to us," Logan-Leach said.
"Individuals who were involved in this act will be prosecuted," Belin-Pyles added. "I do believe the community will be pleased."
Mark Spivey: 908-243-6607; mspivey@MyCentralJersey.com



