School webstore hacked

Hang on for a minute...we're trying to find some more stories you might like.

Email This Story

After hearing complaints from concerned parents who had money taken from their bank accounts, Cal High administrators discovered on Nov. 7 that the school’s webstore had been hacked.

This incident forced many families to cancel their credit cards after they had money stolen and, in some cases, their ban accounts emptied.

“I was looking through my bank statements and I realized I was broke,” senior California Piwinski said, who had almost her entire bank account drained by hackers. 

Many students were left shocked, scared and upset, not knowing what had happened until school emailed a statement the following week explaining the site was hacked.

“I started freaking out, worrying that I wouldn’t be able to get my money back,” senior Alyssa Valpoon said. “[I] called my bank right away.”

Luckily, the victims were refunded by their banks. But now many students feel they can no longer trust the webstore, especially those who are planning to make big purchases later in the year.

“I’m a bit skeptical because my next purchase will be for [senior] ball,” Valpoon said. “I think I’ll keep a close watch on it this time.”

Some students said hackers also used some people’s personal information to make purchases and transactions, like junior Grace Olguin’s.

“Since all my personal information is under my account, [the hacker] found my dad’s name and used it for their account,” said Olguin, who had money transferred out of her account to an app called Cash App, an app that she had never used.

Administrators first began communication with parents on Nov. 8, stating that they were looking into problems with the webstore. In an email sent out on Nov. 12, administrators explained the that the security breach occurred after homecoming ticket sales in October. 

Students hope the webstore takes better precautions to assure this doesn’t happen again.

“They just have to make sure that [the webstore] is more secure,” Piwinski said.

Piwinski pointed out that many big corporations experience hacks as well, so this isn’t too unusual. She just thinks the webstore needs to be safer to use in the future. Administrators have the same hopes.

“[We are] frustrated and sad for our community,” Principal Megan Keefer said. “It’s not so easy just to cancel a credit card.”

Cal’s webstore is managed by financial officer Trisa Kent, but a company called Active Network runs the site and handles all transactions and finances.

The webstore was taken offline immediately after Kent received complaints and contacted Active Network. The site will remain closed until the issue is resolved.  

In the absence of the webstore, the school is accepting checks and cash in the finance office for purchases, Kent said.

In order to use the webstore, students and parents have to enter their credit card information, which is how hackers got full access to so many people’s personal information. 

That is why some students like Piwinski would prefer the site to use alternative methods, such as PayPal, so students’  accounts are not put at risk.

While Active Network is investigating the incident, the direct cause of the hack and the hacker is still unknown.

“We’re waiting for Active Network to finish their investigation,” Kent said, “and then we’ll regroup and decide if we’re confident in their improved security, or if we [will] go a different direction and use a different company.”