Chicago Public Schools error exposed more than 3,700 students’ and families’ data

David Struett reports:

Chicago Public Schools apologized Friday evening for a mass email accidentally linking to the private data of thousands of students and families.

[…]

Families were sent an email Friday evening from CPS’s Office of Access and Enrollment inviting them to submit supplemental applications to selective enrollment schools. Attached at the bottom of the email was a link to a spreadsheet with the private data of over 3,700 students and families.

Read more on Chicago Sun-Times.

It’s not completely clear to me who was really responsible for the breach. Apparently, the employee should not have attached a link to the email to the accessible spreadsheet, but why was that spreadsheet even accessible without any login required? Who uploaded that spreadsheet to the server and didn’t require secure login? Was it the same employee or another employee?

KT Chief to Resign After Cybersecurity Breach Resolution
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
A business's cyber insurance policy included ransom coverage, but when they needed it, the insurer refused to pay. Why?
Before Their Telegram Channel Was Banned Again, ScatteredLAPSUS$Hunters Dropped Files Doxing Government Employees (2)
Attorney General James Secures $14.2 Million from Car Insurance Companies Over Data Breaches
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

Related: