Two Berkeley High School students exploited a critical cybersecurity flaw in the district’s electronic voting system by accessing classmates’ email accounts using a widely known default password. The students cast 550 fraudulent votes in their favor during an ASB (Associated Student Body) election, rigging the results before being disqualified. The incident exposed systemic vulnerabilities, including weak password policies and unsecured student data access, which could have enabled broader unauthorized access to sensitive information. While no financial or highly sensitive personal data (e.g., SSNs, medical records) was compromised, the breach eroded trust in the district’s digital infrastructure and raised concerns about potential escalation—such as unauthorized access to academic records, disciplinary files, or communication systems. The district responded by mandating password resets for all students, but the incident highlighted negligence in cybersecurity protocols, risking reputational damage and future exploitation. The lack of multi-factor authentication (MFA) and default credential misuse further amplified the risk, though the immediate impact remained confined to election interference.

On April 22, 2016, the California Office of the Attorney General reported that the Berkeley Unified School District experienced a data breach involving the inadvertent release of social security numbers on April 11, 2016. The breach did not compromise any other confidential information, and the affected individuals were notified accordingly. Approximately 1000 individuals were impacted by this incident.