In a letter sent to parents, the school district says that last spring, a student found file with sensitive information, like employees' and students' social security numbers.
As the school investigated a WiFi password problem, the student admitted to having access to the file.
The district says that the student put the file on a drive and shared it with a dozen or so close friends who did their own sleuthing and looked at the files as well.
The police are not involved, but the school district will investigate how the security flaw happened.
They say the server that the files were on is not used anymore and the files have been deleted.