The Arizona Department of Education today released the following statement regarding the data breach containing ESA account information:
In the course of fulfilling a public records request to three individuals, the Arizona Department of Education (ADE) inadvertently disclosed some personally identifiable information belonging to Empowerment Scholarship Account holders. ADE redacted the document subject to the public records request but failed to secure the integrity of the redaction prior to sending the data, and the document was able to be manipulated to reveal private information.
ADE has notified the affected ESA account holders of the data breach and has contacted the recipients to recover and secure the data. ADE has also contacted the U.S. Department of Education’s Student Privacy Protection Office (SPPO) to determine if the breach violates Family Education Rights and Privacy Act (FERPA) laws and will continue to work to mitigate any potential damage to ESA account holders and families. ADE will also work with the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) to develop policies to ensure this type of error does not occur in the future.
ADE sincerely apologizes for errors that led to this situation. ADE takes these matters very seriously and will continue to make every effort to ensure data security and privacy.