The 15-year-old sophomore allegedly breached the district's system while in computer simulation class and gained access to 250 names of past and present Shen transportation employees. He used his student password to view their Social Security numbers, driver's license numbers and more, Shenendehowa officials said.
Then he allegedly sent an e-mail at 1 p.m. Tuesday to High School Principal Donald Flynt, saying he had the database.
Flynt contacted police, who arrested the young man Thursday and charged him with computer trespass, unlawful possession of personal identification information and identity theft, all felonies. He will appear before Saratoga County Family Court at a later date, State Police said Friday.
The incident occurred as the district upgraded its computer system with the help of outside vendors and others, Superintendent L. Oliver Robinson said.
Officials said anyone with a district password — thousands of people including students, faculty and other employees — could have gotten access to the faulty file. But, Robinson said, getting to it would have required exploration and some computer savvy.
"His genius was used in the wrong way," Robinson said.
The transportation employee file was the only one compromised, according to the district. It remained open for "a week or two" and was fixed this week, school spokeswoman Kelly DeFeciani said.
Robinson refused to place blame for the blunder.
"It's more what keystroke was missed, not who missed the keystroke," Robinson said. "One slipped through the cracks."
It left the school trying to calm hundreds of jittery employees who allegedly had their identities and private information exposed. The district held a meeting Wednesday with all of its bus drivers and transportation workers to detail what happened and to provide information on how to protect their identity and credit information, she said. It also is sending similar information in letters to anyone put at risk.
The Civil Service Employee Union, which represents transportation employees in the district, said it was concerned.
"I think it's fair to say that protection of employees' personal information will be a topic at an upcoming labor-management meeting," said Therese Assalian, spokeswoman for the union's local chapter.
The student charged has a history of computer mischief but likely was not interested in stealing personal information, DeFeciani said, citing what investigators told her.
"It was more like 'Look at what I can do,'" she said.
Investigators originally believed two students were involved in the alleged intrusion, but police determined the student arrested used two passwords, State Trooper Maureen Tuffey said.
The student has been suspended for five days and could face further punishment pending a superintendent hearing. His juvenile status likely would prevent him from serving time in jail if convicted, Tuffey said. [via timesunion]
