District investigating data breach at Palo Alto High School

Current sophomores, juniors, seniors affected

A screenshot of a "rogue website" that exposed Paly student names and grade point averages. Photo courtesy The Paly Voice.

UPDATE: The district said Friday that is continuing its investigation, including following up on some leads, but believes the scope of the breach is limited to the initial data reported.

The school district said it is investigating a data breach at Palo Alto High School after discovering a "rogue website" Thursday that exposed student names, identification numbers and grade point averages.

Staff were notified about the website Thursday morning. A screenshot of the website posted by student news outlet The Paly Voice shows a page titled "paly rankcheck" that invites students to "check your weighted GPA and rank relative to your class" with their student and Infinite Campus IDs.

The district said in a statement that it believes names, student numbers and GPA values have been exposed for current Paly sophomores, juniors and seniors.

After determining that at least some of the information on the website was legitimate, the district immediately took several steps to address the breach. The district worked with its web hosting provider to take the website offline and is reviewing Infinite Campus access logs for any "suspicious activity." The district also temporarily disabled all data integrations with third-party systems.

Staff members with access to the disclosed information are resetting their passwords, the district said.

District staff also contacted local law enforcement and the U.S. Department of Education's Privacy Technical Assistance Center.

The district is asking community members to share any information they may have that can assist the investigation via phone at 650-833-4243, email Chief Technology Officer Derek Moore at or anonymously via a website feedback form.

The district said it will release more information regarding the breach as it becomes available. Updates will be posted on the district website at as well as physically mailed to students' homes, as required by California law.

In April, personal information for nearly 14,000 current and former students in the district were accessed by a well-known computer security researcher targeting a former vendor of the district.


Follow the Palo Alto Weekly/Palo Alto Online on Twitter @PaloAltoWeekly and Facebook for breaking news, local events, photos, videos and more.

What is democracy worth to you?
Support local journalism.


27 people like this
Posted by Change
a resident of Another Palo Alto neighborhood
on Oct 6, 2017 at 9:24 am

Several years ago, we had the experience that our registration kept getting erased, which the administration said was normal, then there was information inserted that could not have been ours, and could not have happened accidentally - someone finally left a calling card. People in the administration laughed (mocking laughter) because the information inserted was demeaning in their opinion, but they told us there was no evidence of an intrusion, and that Infinite Campus was totally secure, so they weren't going to do anything. (Hello! The thing I was reporting was evidence of an intrusion! Why else would I spend time reaching out to those odious people?! The experience of reporting was as bad a sense of violation as the data breach.)

The staff there have changed but the overall district administrstive culture has not. There is still no great sense of service and problem solving. Thus, I really appreciate this story and the outreach from the district data officer, which I hope will continue through all networks possible. And then in the future, I hope they take reports seriously, not just when the horse has left the barn.

1 person likes this
Posted by Novelera
a resident of Midtown
on Oct 6, 2017 at 12:49 pm

Novelera is a registered user.

Yikes! I'm failing to understand a motive for doing this. But, not fully understanding, I still think it's awful. Kids GPA's should be private.

29 people like this
Posted by Samuel L.
a resident of Duveneck/St. Francis
on Oct 6, 2017 at 3:04 pm

Samuel L. is a registered user.

Sounds like a student put this together for the interest of other students. It says you need to know the student ID number and the infinite campus number. I would guess fee students even know their infinite campus number. It's not as if they published these numbers or the rankings.

Why does this make the principal sad? Makes her sound like she's five and lost her puppy.

15 people like this
Posted by Terry
a resident of Midtown
on Oct 6, 2017 at 6:55 pm

Seems like some of the students are smarter than the staff. Maybe a good thing?

Sorry, but further commenting on this topic has been closed.

All your news. All in one place. Every day.

Su Hong 2.0? Former waiter reopens Chinese standby under new name in Palo Alto
By Elena Kadvany | 7 comments | 4,239 views

Living as Roommates? Not Having Much Sex?
By Chandrama Anderson | 0 comments | 1,763 views

What gives you hope?
By Sherry Listgarten | 4 comments | 1,575 views

Do city officials ever consider giving taxpayers a break?
By Diana Diamond | 18 comments | 1,494 views

Expert witnesses are more than experts. Plus my 7 fundamental impeachment questions
By Douglas Moran | 17 comments | 1,476 views


Palo Alto Weekly Holiday Fund

For the last 26 years, the Palo Alto Weekly Holiday Fund has given away more than $7 million to local nonprofits serving children and families. When you make a donation, every dollar is automatically doubled, and 100% of the funds go directly to local programs. It’s a great way to ensure your charitable donations are working at home.