Arizona school voucher program questioned after investigators find data breach

Yana Kunichoff, Arizona Republic
Updated ·4 min read
56
Scene from a protest at the Arizona Capitol in 2023

An Arizona Department of Education administrator gave the family of a child in the state's school voucher program access to expense approval requests submitted on behalf of other children in the program, according to an Arizona Department of Homeland Security statement released Tuesday.

The expense requests included personal information such as names, addresses and items and services being purchased using voucher funds, according to the statement, which summarized a longer, unreleased report. The family had access to the otherwise restricted information from July 3 through July 11, the statement said.

The administrator responsible for granting access to the personal information resigned on July 24, according to the Homeland Security statement.

Inside the classroom: As Arizona’s school voucher program grows, public dollars flow to private schools

The "elevated privileges" granted to the family in ClassWallet — the third-party payment processor the education department uses to manage voucher payments — and the "associated unintentional disclosure were the result of a personnel error caused by an Arizona Department of Education ESA program administrator,” the statement said.

"Considerable" time was spent reviewing the purchases that other voucher-recipient families submitted for approval, according to the statement.

The education department was notified of the breach when a staff member saw a social media post by a parent who said their spouse could access information about purchases waiting for approval, according to the Homeland Security statement.

Christine Accurso, who was appointed director of the voucher program when Superintendent of Public Instruction Tom Horne took office in January, resigned on July 24. The program's operations director, Linda Rizzo, also resigned that day, according to education department spokesperson Doug Nick.

Accurso did not respond to a request for comment. In a statement released by the education department, she said she resigned to "pursue other opportunities to engage citizens, especially parents, to fight for school choice and other issues." Horne said he did not request Accurso's resignation. Reached by phone, Rizzo declined to speak with The Arizona Republic.

In a letter sent Friday to Horne about the data breach, Gov. Katie Hobbs said the departure of two high-ranking officials within the school voucher program — officially called the Empowerment Scholarship Account program — raised “concerns and questions about the administration of the ESA voucher program and the protection of student data."

The Arizona Department of Homeland Security said the unintended disclosure was not caused by a cybersecurity incident or breach of the ClassWallet platform. The department's full report on the incident, according to the summary, includes recommendations to enhance the security of the ClassWallet platform and suggests state officials conduct regular audits and access reviews to minimize the chances of a similar mishap in the future.

In a statement Tuesday afternoon, Horne said the education department notified ClassWallet of the improper disclosure. The company reviewed its data and determined only one account was given permission to see restricted information.

Attorney general: Arizona families using school voucher funds give up legal protections

“The problem has been resolved. It was a permission setting error. Once discovered, we took immediate action and corrected the permission setting,” ClassWallet chief Jamie Rosenberg said in a July 14 statement that the education department released Tuesday. “Additionally, we performed a database search and concluded no other users were affected. Therefore, this is an isolated incident to a single user.”

Arizona Attorney General Kris Mayes took notice of the data breach, her spokesperson said. "The attorney general believes the situation is concerning, and we are looking into it," Richie Taylor said.

The Arizona Treasurer's Office announced on Tuesday that it would award a new school voucher program contract, for up to five years, to ClassWallet. Several other companies were bidding for the contract as part of a monthslong process.

The school voucher program currently serves 61,910 students, five times more than it did a year ago, before a legislative expansion of the program went into effect. Now, all students are eligible to apply for public funds for private education. Previously, the program was limited to certain student populations, including students with special education needs and students in foster care.

Hobbs’ office recently released a memo estimating the school voucher program will cost $953.8 million in the current budget year, leading to a shortfall of nearly $320 million in the state budget.

The Republic's Stacey Barchenger contributed reporting.

Yana Kunichoff is a reporter on The Arizona Republic's K-12 education team. You can join The Republic's Facebook page and reach Yana at ykunichoff@arizonarepublic.com.

This article originally appeared on Arizona Republic: Data breach found in Arizona Empowerment Scholarship Account program