News

District investigating data breach at Palo Alto High School

Current sophomores, juniors, seniors affected

by Elena Kadvany / Palo Alto Weekly

Uploaded: Thu, Oct 5, 2017, 9:20 pm 4
Updated: Sat, Oct 7, 2017, 8:51 am
Time to read: about 1 minutes

UPDATE: The district said Friday that is continuing its investigation, including following up on some leads, but believes the scope of the breach is limited to the initial data reported.

The school district said it is investigating a data breach at Palo Alto High School after discovering a "rogue website" Thursday that exposed student names, identification numbers and grade point averages.

Staff were notified about the website Thursday morning. A screenshot of the website posted by student news outlet The Paly Voice shows a page titled "paly rankcheck" that invites students to "check your weighted GPA and rank relative to your class" with their student and Infinite Campus IDs.

The district said in a statement that it believes names, student numbers and GPA values have been exposed for current Paly sophomores, juniors and seniors.

After determining that at least some of the information on the website was legitimate, the district immediately took several steps to address the breach. The district worked with its web hosting provider to take the website offline and is reviewing Infinite Campus access logs for any "suspicious activity." The district also temporarily disabled all data integrations with third-party systems.

Help sustain the local news you depend on.

Your contribution matters. Become a member today.

Join

Staff members with access to the disclosed information are resetting their passwords, the district said.

District staff also contacted local law enforcement and the U.S. Department of Education's Privacy Technical Assistance Center.

The district is asking community members to share any information they may have that can assist the investigation via phone at 650-833-4243, email Chief Technology Officer Derek Moore at dmoore@pausd.org or anonymously via a website feedback form.

The district said it will release more information regarding the breach as it becomes available. Updates will be posted on the district website at www.pausd.org as well as physically mailed to students' homes, as required by California law.

In April, personal information for nearly 14,000 current and former students in the district were accessed by a well-known computer security researcher targeting a former vendor of the district.

Stay informed

Get daily headlines sent straight to your inbox in our Express newsletter.

Stay informed

Get daily headlines sent straight to your inbox in our Express newsletter.

Follow Palo Alto Online and the Palo Alto Weekly on Twitter @paloaltoweekly, Facebook and on Instagram @paloaltoonline for breaking news, local events, photos, videos and more.

District investigating data breach at Palo Alto High School

Current sophomores, juniors, seniors affected

by Elena Kadvany / Palo Alto Weekly

Uploaded: Thu, Oct 5, 2017, 9:20 pm
Updated: Sat, Oct 7, 2017, 8:51 am

UPDATE: The district said Friday that is continuing its investigation, including following up on some leads, but believes the scope of the breach is limited to the initial data reported.

The school district said it is investigating a data breach at Palo Alto High School after discovering a "rogue website" Thursday that exposed student names, identification numbers and grade point averages.

Staff were notified about the website Thursday morning. A screenshot of the website posted by student news outlet The Paly Voice shows a page titled "paly rankcheck" that invites students to "check your weighted GPA and rank relative to your class" with their student and Infinite Campus IDs.

The district said in a statement that it believes names, student numbers and GPA values have been exposed for current Paly sophomores, juniors and seniors.

After determining that at least some of the information on the website was legitimate, the district immediately took several steps to address the breach. The district worked with its web hosting provider to take the website offline and is reviewing Infinite Campus access logs for any "suspicious activity." The district also temporarily disabled all data integrations with third-party systems.

Staff members with access to the disclosed information are resetting their passwords, the district said.

District staff also contacted local law enforcement and the U.S. Department of Education's Privacy Technical Assistance Center.

The district is asking community members to share any information they may have that can assist the investigation via phone at 650-833-4243, email Chief Technology Officer Derek Moore at dmoore@pausd.org or anonymously via a website feedback form.

The district said it will release more information regarding the breach as it becomes available. Updates will be posted on the district website at www.pausd.org as well as physically mailed to students' homes, as required by California law.

In April, personal information for nearly 14,000 current and former students in the district were accessed by a well-known computer security researcher targeting a former vendor of the district.

Comments

Change
Another Palo Alto neighborhood
on Oct 6, 2017 at 9:24 am
Change, Another Palo Alto neighborhood
on Oct 6, 2017 at 9:24 am

Several years ago, we had the experience that our registration kept getting erased, which the administration said was normal, then there was information inserted that could not have been ours, and could not have happened accidentally - someone finally left a calling card. People in the administration laughed (mocking laughter) because the information inserted was demeaning in their opinion, but they told us there was no evidence of an intrusion, and that Infinite Campus was totally secure, so they weren't going to do anything. (Hello! The thing I was reporting was evidence of an intrusion! Why else would I spend time reaching out to those odious people?! The experience of reporting was as bad a sense of violation as the data breach.)

The staff there have changed but the overall district administrstive culture has not. There is still no great sense of service and problem solving. Thus, I really appreciate this story and the outreach from the district data officer, which I hope will continue through all networks possible. And then in the future, I hope they take reports seriously, not just when the horse has left the barn.

Report Objectionable Comment   |  

Novelera
Registered user
Midtown
on Oct 6, 2017 at 12:49 pm
Novelera, Midtown
Registered user
on Oct 6, 2017 at 12:49 pm

Yikes! I'm failing to understand a motive for doing this. But, not fully understanding, I still think it's awful. Kids GPA's should be private.

Report Objectionable Comment   |  

Samuel L.
Registered user
Duveneck/St. Francis
on Oct 6, 2017 at 3:04 pm
Samuel L., Duveneck/St. Francis
Registered user
on Oct 6, 2017 at 3:04 pm

Sounds like a student put this together for the interest of other students. It says you need to know the student ID number and the infinite campus number. I would guess fee students even know their infinite campus number. It's not as if they published these numbers or the rankings.

Why does this make the principal sad? Makes her sound like she's five and lost her puppy.

Report Objectionable Comment   |  

Terry
Midtown
on Oct 6, 2017 at 6:55 pm
Terry, Midtown
on Oct 6, 2017 at 6:55 pm

Seems like some of the students are smarter than the staff. Maybe a good thing?

Report Objectionable Comment   |  

Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Post a comment

Sorry, but further commenting on this topic has been closed.