News


District investigating data breach at Palo Alto High School

Current sophomores, juniors, seniors affected

A screenshot of a "rogue website" that exposed Paly student names and grade point averages. Photo courtesy The Paly Voice.

UPDATE: The district said Friday that is continuing its investigation, including following up on some leads, but believes the scope of the breach is limited to the initial data reported.

The school district said it is investigating a data breach at Palo Alto High School after discovering a "rogue website" Thursday that exposed student names, identification numbers and grade point averages.

Staff were notified about the website Thursday morning. A screenshot of the website posted by student news outlet The Paly Voice shows a page titled "paly rankcheck" that invites students to "check your weighted GPA and rank relative to your class" with their student and Infinite Campus IDs.

The district said in a statement that it believes names, student numbers and GPA values have been exposed for current Paly sophomores, juniors and seniors.

After determining that at least some of the information on the website was legitimate, the district immediately took several steps to address the breach. The district worked with its web hosting provider to take the website offline and is reviewing Infinite Campus access logs for any "suspicious activity." The district also temporarily disabled all data integrations with third-party systems.

Staff members with access to the disclosed information are resetting their passwords, the district said.

District staff also contacted local law enforcement and the U.S. Department of Education's Privacy Technical Assistance Center.

The district is asking community members to share any information they may have that can assist the investigation via phone at 650-833-4243, email Chief Technology Officer Derek Moore at dmoore@pausd.org or anonymously via a website feedback form.

The district said it will release more information regarding the breach as it becomes available. Updates will be posted on the district website at www.pausd.org as well as physically mailed to students' homes, as required by California law.

In April, personal information for nearly 14,000 current and former students in the district were accessed by a well-known computer security researcher targeting a former vendor of the district.

---

Follow the Palo Alto Weekly/Palo Alto Online on Twitter @PaloAltoWeekly and Facebook for breaking news, local events, photos, videos and more.

Comments

27 people like this
Posted by Change
a resident of Another Palo Alto neighborhood
on Oct 6, 2017 at 9:24 am

Several years ago, we had the experience that our registration kept getting erased, which the administration said was normal, then there was information inserted that could not have been ours, and could not have happened accidentally - someone finally left a calling card. People in the administration laughed (mocking laughter) because the information inserted was demeaning in their opinion, but they told us there was no evidence of an intrusion, and that Infinite Campus was totally secure, so they weren't going to do anything. (Hello! The thing I was reporting was evidence of an intrusion! Why else would I spend time reaching out to those odious people?! The experience of reporting was as bad a sense of violation as the data breach.)

The staff there have changed but the overall district administrstive culture has not. There is still no great sense of service and problem solving. Thus, I really appreciate this story and the outreach from the district data officer, which I hope will continue through all networks possible. And then in the future, I hope they take reports seriously, not just when the horse has left the barn.


1 person likes this
Posted by Novelera
a resident of Midtown
on Oct 6, 2017 at 12:49 pm

Novelera is a registered user.

Yikes! I'm failing to understand a motive for doing this. But, not fully understanding, I still think it's awful. Kids GPA's should be private.


29 people like this
Posted by Samuel L.
a resident of Duveneck/St. Francis
on Oct 6, 2017 at 3:04 pm

Samuel L. is a registered user.

Sounds like a student put this together for the interest of other students. It says you need to know the student ID number and the infinite campus number. I would guess fee students even know their infinite campus number. It's not as if they published these numbers or the rankings.

Why does this make the principal sad? Makes her sound like she's five and lost her puppy.


15 people like this
Posted by Terry
a resident of Midtown
on Oct 6, 2017 at 6:55 pm

Seems like some of the students are smarter than the staff. Maybe a good thing?


Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Email:


Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields

Nobu Palo Alto eyes next-door expansion
By Elena Kadvany | 4 comments | 3,441 views

Are We Really Up To This?
By Aldis Petriceks | 4 comments | 1,867 views

Couples: Cultivate Love, Gottman Style
By Chandrama Anderson | 0 comments | 619 views

The Comp Plan EIR--Pluses and Minuses
By Steve Levy | 4 comments | 329 views

It's contagious
By Cheryl Bac | 0 comments | 296 views