David Struett reports:
Chicago Public Schools apologized Friday evening for a mass email accidentally linking to the private data of thousands of students and families.
[…]
Families were sent an email Friday evening from CPS’s Office of Access and Enrollment inviting them to submit supplemental applications to selective enrollment schools. Attached at the bottom of the email was a link to a spreadsheet with the private data of over 3,700 students and families.
Read more on Chicago Sun-Times.
It’s not completely clear to me who was really responsible for the breach. Apparently, the employee should not have attached a link to the email to the accessible spreadsheet, but why was that spreadsheet even accessible without any login required? Who uploaded that spreadsheet to the server and didn’t require secure login? Was it the same employee or another employee?