PHOENIX — An Arizona Department of Education employee has been singled out as the source of a data breach that exposed information on thousands of Empowerment Scholarship Accounts to a single parent account, according to an investigative report released Tuesday by the Arizona Department of Homeland Security.
School Superintendent Tom Horne suggested Tuesday that the employee was Christine Accurso, the former top administrator of the program, who abruptly resigned last week. Accurso's deputy administrator, Linda Rizzo, also quit the same day.
"The Arizona Department of Education had no way to know the reason for the resignation of Christine Accurso, other than her own statements in her letter of resignation," Horne said in a statement. "The department did not request this resignation. It was initiated by the former employee."
The DHS report provides reason to question Horne's claim the he didn't know why Accurso quit.
"The involved ADE employee" resigned after the first meeting to brief Education Department officials on the investigation's findings, the DHS report says. Both Accurso and Rizzo quit that day.
Accurso, who is not named in the report, could not be reached for comment.
Key takeaway for ESA families
The key takeaway for ESA participants: Investigators say the ESA data was visible to one parent account, and there's no indication any data was downloaded. But the investigation could not confirm that were no screen shots, images or printouts of the information.
The report doesn't indicate what steps have been taken to prevent a recurrence.
The investigation of the data breach was released the same day Arizona Treasurer Kimberly Yee will announce the winning bid to run the claims processing system for a half-billion dollars or more in Empowerment Scholarship Account transactions.
Florida-based ClassWallet currently operates the online portal that manages purchases, claims and disbursements. ClassWallet is one of four bidders for the new contract. The winner is expected to be announced by 5 p.m. Arizona time on Tuesday.
What is the ESA program?
Last year, Arizona became the first state in the country to make every student eligible for tax dollars to pay for private or parochial school, or be home-schooled. Families can receive $7,000 or more, in the case of special-education students.
The Empowerment Scholarship Account program has grown five-fold, to 60,000 students, since all 1.1 million Arizona students were granted eligibility 11 months ago.
Critics have questioned the lack of accountability and transparency built into the Republican-passed bill that cleared the way for the universal expansion.
Democratic Gov. Katie Hobbs' office has projected a $319 million deficit next year for the school-voucher program, based on Horne's own estimates of enrollment growth through next June.
Horne has overseen the program's expansion since taking office in January.
Investigation timeline
Here is the timeline DHS provided in its executive summary of the "cyber incident":
July 3 -11: A parent ESA account spent a "considerable" amount of time over the course of eight days viewing other accounts on ClassWallet, the online portal that manages purchases, claims and disbursements for ESAs. ClassWallet said only one parent account was involved and it could not confirm
July 11: A Department of Education employee notified ClassWallet about a parent's social media post saying that a spouse had accessed an "approval queue." The investigation would later trace the data breach to an unnamed Education Department employee responding in June to the parent who later gained access to ESA account information.
July 14: ClassWallet notified the office of state Treasurer Kimberly Yee, who oversees the ESA contract, that an Education Department employee's account was implicated.
Yee instructed ClassWallet not to talk to Horne's office.
July 17: ClassWallet confirmed to Yee that the exposed information included:
"First and last name of the student, first and last name of the parent, email address of the person placing the order, home shipping address, amount spent per order, items purchased per order, phone number of the person placing the order, and the application type. The application type could be used to infer that the student may have a learning disability."
Yee then alerted the state Department of Homeland Security about the potential data breach.
Accurso quit after first briefing
July 24: At 1 p.m., Homeland Security briefed the Education Department on its initial investigation. Three hours later, at 4 p.m., a second meeting was held. The group was told the department employee involved in the data breach had resigned, effective immediately.
Around mid afternoon July 24, 12News began getting information that Accurso and Rizzo had quit and were "walked out the door." Accurso's resignation was confirmed by 12News later that evening, Rizzo's the next day.
In order to bolster his claim that he had no idea why Accurso resigned, Horne said Tuesday he obtained Accurso's permission to release her resignation letter:
"Today (July 24, 2023) I tendered my resignation. I am grateful to have had the opportunity to get the ESA program on track and functioning. We trained and implemented a full staff of competent professionals who love the program and will carry it forward. I achieved much of what I set out to accomplish, but it is time to move on and pursue other opportunities to engage citizens, especially parents, to fight for school choice and other issues they believe in for the future of our state."
>> Download the 12News app for the latest local breaking news straight to your phone.
12News on YouTube
Catch up on the latest news and stories on the 12News YouTube channel. Subscribe today.