Newsday reports that Matthew Calicchio, 17, has been arrested and charged with felony computer trespass for allegedly hacking into computers belonging to Long Island's Sachem School District and publishing several thousand students' personal data online (h/t SC Magazine).
Police say Calicchio, a Sachem High School student, downloaded the data in 2012 and 2013, and posted it online from July through November of 2013.
According to the school district [PDF], the information posted online included 15,000 students' ID numbers and school lunch designations, another 12,000 students' ID numbers, 360 students' student records, and a report relating to 130 students "who were receiving instructional services in an alternative setting."
A blogger who saw the published data wrote, "I saw medical records (immunization, allergy, etc) and a letter from a doctor stating the child was prescribed Ritalin and his dosage. I saw a list of student IDs with their names and whether they were receiving free lunch or not. I saw report cards. district registration documents (including name, address, date of birth, parent info.) I saw disciplinary records – a letter to a parent (name and address included) stating their child had been suspended for smoking marijuana on the bus."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Still, the school district said in a statement [PDF], "Please be aware that a review of the district's computer network security has revealed no evidence of a 'brute force attack' or firewall breach which would indicate a breach of our data systems from the outside."