SECOND-level schools have been told to step up their computer security after a pupil obtained a username and password that allowed access to confidential files.
The problem has arisen over the use of generic usernames and passwords, which schools may make available to substitute teachers.
The Department of Education alerted the Joint Managerial Body (JMB), representing the management in about two-thirds of second-level schools, to the security breach.
It is understood to have involved a pupil who obtained the username and password for ePortal, an electronic databank used in many post-primary schools.
The database gives immediate access to pupil records and histories. The username and password can be used not only to access personal and confidential information of pupils in the school in question, but in other schools where the generic setting has not been changed.
The department asked JMB to contact schools using ePortal as a matter of urgency and also requested Serco, the company behind the system, to take whatever corrective action necessary to reduce the security risk.
In a letter to schools, JMB general secretary Ferdia Kelly said the situation was "alarming" and the potential for the problem to arise needed to be eliminated.
He has advised schools that in addition to legal responsibilities under education legislation, they have a legal responsibility to comply with the data-protection legislation.
The JMB advice to schools using a default or generic usernames to access the system is to disable it immediately.