Student names, GPAs exposed in breach
A data breach at Palo Alto Unified School District exposed information about Palo Alto High School students’ weighted GPAs values, names and student numbers on a “rogue” website, district officials said Friday.
After learning about the breach Thursday morning, district staff worked with the web hosting provider to take the website down. The district then began data breach response protocol and an investigation into the breach.
District officials confirmed that some of the information on the website was legitimate and affected students in grades 10-12.
The district said that it worked to see how deep the breach was and is in the process of taking steps to ensure “any potential attack vectors have been addressed.”
Additionally, the district is checking its Infinite Campus student information system access logs to check for suspicious activity and data integrations with third-party systems.
Today, in a statement on its website district officials said:
“… staff is continuing to work with our vendors and utilize all resources possible to investigate the situation. We are following up on a few leads and will provide more information when it becomes available.”
Staff members have been asked to reset passwords as well and law enforcement has been contacted. The district also reached out to the Privacy Technical Assistance Center of the U.S. Department of Education for their guidance and consultation.
Anyone with information on the case is asked to call (650) 833-4243 or to email district Chief Technology Officer Derek Moore at firstname.lastname@example.org or call the district office at (650) 833-4243.