Data breach reported in Arizona's school voucher program

Loading Video…

This browser does not support the Video element.

Arizona Superintendent of Public Instruction Tom Horne is responding to a letter by Governor Katie Hobbs seeking information about a data breach involving the Empowerment Scholarship Account program.

The program, known as ESA, provides funding for parents who want their kids in private schools.

Hobbs says thousands of personal information data points, including student names and disability categories, could be viewed on ClassWallet, the program's financial vendor.

Loading Video…

This browser does not support the Video element.

Gov. Hobbs demands answers over potential ESA data breach

Arizona Governor Katie Hobbs is demanding answers amid a potential data breach involving Arizona's Empowerment Scholarship Account. It was recently discovered that personal data of students was viewable from the website of a company that handles ESA applications and payments.

Horne says his office notified the company about the breach.

"There's a letter from ClassWallet that explained the whole thing. It was a permission setting error that they corrected immediately," Horne said. "They performed a data search, and no other users were affected. It was an isolated incident to a single user. The governor's letter makes it sound like a huge tragedy, but it was just an isolated incident."

Horne says parents were not notified because this was an isolated incident.

He also says the breach had nothing to do with the resignations this week of two top administrators overseeing the ESA program, including operations director Linda Rizzo and Christine Accurso, Horne's pick to oversee the school voucher program.

Arizona Treasurer Kimberly Yee says her office contracts financial service firms for state agencies, including the ESA program. Her office reportedly learned of the breach earlier this month and notified the Arizona Department of Homeland Security right away.

According to Yee, the agency confirmed the breach did not originate with the vendor.

ClassWallet released the following statement: 

"We object to any implication that ClassWallet was at fault in this incident. ClassWallet has fully supported the Arizona Department of Homeland Security in its investigation into the matter, and we look forward to its swift resolution and published results."