Staff was notified this morning about a website that exposed information about Palo Alto High School students' weighted GPAs and class ranks. As soon as we received notice, we immediately invoked the data breach response protocol and began investigating the report. The incident is still under investigation; however, staff has verified at least some of the information generated by the rogue website is legitimate.
What information was involved?
The incident is still under investigation, however at this point, we believe names, student numbers, and GPA values have been exposed for current Palo Alto High students in grades 10, 11, and 12.
What are we doing?
Staff immediately invoked the data breach response protocol and began investigating the report. After validating the information, staff worked to determine the scope and composition of the breach, and is in the process of taking steps to ensure any potential attack vectors have been addressed. Staff has worked with the web hosting provider to take the offending website offline, Infinite Campus access logs are being reviewed for suspicious activity, and all data integrations with third party systems have been temporarily disabled. In addition, staff members with access to the disclosed information are resetting passwords. Local law enforcement has been contacted, as has the Privacy Technical Assistance Center of the U.S. Department of Education for their guidance and consultation.
What can you do?
The incident is still under investigation, we would appreciate any and all information you would be willing to share to assist in determining exactly how this information was released and published. To contact us, you can call at 650-833-4243, email firstname.lastname@example.org, or anonymously submit via the website feedback form.
For More Information:
Additional information regarding this incident will be released as it becomes available. Notices will be posted on our website at www.pausd.org as well as physically mailed to households as required by California law.