The Palo Alto Unified School District is working to improve data security after the Oct. 5 data breach.
According to district Chief Technology Officer Derek Moore, names, student numbers and weighted GPA values for students in grades 10, 11 and 12 at Palo Alto High School appeared on a website. The district took down the website twice but it reappeared each time.
“This is a violation of the acceptable use policies in place at PAUSD and could potentially rise to the level of criminal activity,” Moore said.
This is the second district-wide data breach this year. Last April, former data warehouse vendor Schoolzilla notified the district that a computer security researcher “was able to access an off-site backup that included partial student records for approximately 14,000 … students,” according to a message posted on the PAUSD website.
After the Schoolzilla incident, the district began working with local security company Yubico to improve the security of student data. Yubico plans to implement their new authentication method, Yubikey, to replace the typical software key.
“It’s actually a physical key, and you can tap it to your phone or you can plug it into your computer,” said Stina Ehrensvärd, Yubico CEO. “What we have provided is like an iron door.”
A set plan has yet to be introduced, but the goal of the project is to secure all online accounts for Paly students, a process enabled by a government grant.
“PAUSD takes the security of information entrusted to us very seriously and is continually working to improve security measures as new options become available,” Moore said.