Healthcare may be the most heavily targeted industry for data breaches, but that doesn’t mean other industries shouldn’t take precautions to protect their data. Palo Alto Unified School District (PAUSD) was recently informed that their student and parent data was exposed to unauthorized users. Schoolzilla handles the data warehousing and reporting information for PAUSD.
How It Happened
On April 4, 2017 while a security researcher was performing a network security analysis he identified a security risk and immediately notified Schoolzilla of the problem. Schoolzilla recently performed an upgrade to their backup systems and due to a configuration error in this process left open access to the school districts files. Once Schoolzilla was notified of the issue they immediately fixed the issue, and contacted the individual who had accessed the files to have him dispose of the data. Through their data logs they confirmed that only the security researcher had accessed those files. The security analyst has agreed to a sworn statement that all files involved in this breach have been disposed of.
What Information was at Risk?
This security breach included the student records of over 14,000 students as well as parent information. The individual records contained names, birth dates and test scores for the students state assessments. Fortunately PAUSD doesn’t keep record of students social security numbers and state identification numbers.
PAUSD believes that the privacy and security of their students information is of the utmost importance. They are currently in compliance with all the current vendors that handle their students personally identifiable information, and are continually searching for better ways to maintain the highest levels of security. The incident has also been reported to the California Attorney General who will perform a further investigation. They have also contacted the US Department of Education’s Privacy Technical Assistance Center to obtain further guidance on best practices and procedures.