Following a data breach which enabled students to view their class rank and weighted grade point averages — and which Palo Alto High School administration suggests may threaten the security of their private information — administrators are following an aggressive protocol response, according to Chief Technology Officer Derek Moore.
In a message forwarded at 4:55 p.m. on Schoology to the senior class by Principal Kim Diorio, Moore wrote that while the incident is still under investigation, Paly and district staff have confirmed that the names, student ID numbers and GPAs of Paly 10th, 11th and 12th graders provided by the site are accurate. The message was one of two posts from Diorio today that detail her administration’s immediate response to the breach.
“Infinite Campus access logs are being reviewed for suspicious activity, and all data integrations with third party systems have been temporarily disabled,” Moore states in his forwarded message. “In addition, staff members with access to the disclosed information are resetting passwords.”
In the meantime, Diorio cautions students against providing any information to the site.
“We don’t know if the person(s) involved are phishing for additional information and/or how they can potentially use this information in the future,” Diorio states in a Schoology message at 12:34 p.m.
In addition, staff is working with the host provider to take down the rogue site, according to Moore. As of now, the page states that the “website is sleeping.” (As of 6:09 p.m. the page no longer states “website is sleeping,” but access remains restricted.)
According to Diorio, Paly staff has notified local law enforcement of the data breach, as well as the Privacy Technical Assistance Center of the U.S. Department of Education.
According to Moore’s forwarded message, updates will be released frequently until the incident is resolved. Updates can be found at www.pausd.org, and will be mailed to student households as required by California state law, according to Moore.