Two Riverside High School students are accused of hacking into the Durham Public Schools computer database and downloading the Social Security numbers and personal information of thousands of school employees, the Durham Sheriff's Office said Thursday.
School system officials said two members of a computer class discovered a breach in the security protecting the DPS computer database and gained access through it while performing a class assignment. The breach has since been plugged and no longer poses a threat to the system's security, said Nancy Hester, DPS associate superintendent of support services.
She said the information was never at risk of being accessed by anyone outside the school system.
Durham County Sheriff's deputies searched the home of an unidentified minor and the Knollwood Drive home of the Neplioueva family after being told about the breach by Riverside High School officials. Contacted for comment by The Herald-Sun Thursday, the latter boy's mother, Valentina Neplioueva, said she had been advised by her attorney not to speak about the investigation until further notice.
The latter boy's adult sister, Tatyana Neplioueva, said her 15-year-old brother and his classmate reported the breach to their teacher shortly after finding it and downloading the supposedly secure information.
Durham Public School officials said the teacher of the class immediately reported the boys' findings to the schools information technology specialists, who went to Riverside High School to meet with the boys to see how they had gotten through security to access the highly sensitive information.
The next day, the boy's father, Igor Neplioueva, returned home to find his son being interrogated by deputies, according to the boy's sister. Deputies searched the boy's home and seized the family's computers and related data-storage devices belonging to the boy's parents, she said.
When the boy returned to school, he was placed in in-school suspension, she added.
"I think it's ridiculous. He was doing the school a service and now they're punishing him," she said.
School officials acknowledged the boys were forthright in their explanation to their teacher about discovering the breach. School board member Kirsten Kainz said she'd learned of the discovery and felt the students were "smart and honest boys."
DPS official Hester said the school system felt the boys "hadn't done anything wrong" but contacted the Sheriff's Office out of concern for the safety of school employees' identity information.
Charles Douglass, executive director of technical services for the school system, said the hole would have only been accessible to individuals who already had a password to gain access to the school's computers, such as students and employees. Firewalls, which are barriers that prevent outside individuals from gaining access to a network's protected information, prevent the possibility of other hackers from accessing the data, he added.
Despite Douglass' claim and the fact that Douglass and Hester said the boys only accessed the data through the school's password-protected computers, Sheriff's deputy Lt. Will Rogers said he believed the boys accessed some of the information via their home computer, which is why, he said, the computers were seized.
Attempts to reach DPS Superintendent Carl Harris, school board members Minnie Forte, Steve Schewel, Steve Martin, Heidi Carter, Omega Parker and Fredrick Davis, and Riverside principal Jim Key regarding the security breach were unsuccessful Thursday.