LOGAN SQUARE — Erika Chavez was enjoying a flamenco performance in suburban Skokie Friday evening when she received a shocking email from Chicago Public Schools.
In it, the district apologized for a massive data breach, in which an employee mistakenly emailed private student information of more than 3,700 families. Chavez’s 12-year-old daughter was on the list.
“I literally couldn’t believe what I was seeing,” Chavez said.
Families applying to selective-enrollment schools received the email on Friday from the district’s Office of Access and Enrollment. Attached was a spreadsheet with the names, email addresses, phone numbers and student ID numbers of more than 3,700 students.
The spreadsheet was live for a few hours before the district deactivated the link.
“We sincerely apologize for this unintended disclosure and ask that you please delete the information in question,” the district said in an email to Chavez and many other parents.
“We are taking this matter very seriously, and a review of this incident is underway to determine how this breach occurred and ensure a similar matter does not occur again.”
The district said the employee who sent the email has been removed from their position.
But Chavez, who lives in Logan Square with her family, wasn’t comforted by the apology or the firing; she was too incensed.
“It’s very infuriating and frustrating, and another recent example of CPS’ violation of parents’ trust,” she told Block Club Chicago.
“There’s an expectation that CPS handle matters, processes related to student safety and privacy with utmost care, but they’re obviously not. We’re only given apology after apology — how about proactive change? I can’t help but to feel exposed.”
Chavez also questioned the use of a spreadsheet for matters such as these.
“I thought, ‘Is this how they’re tracking such a sensitive process — with a spreadsheet of kids’ names?'”
Another parent called the breach “ridiculous.”
A district spokeswoman didn’t immediately return a message Sunday morning.
Similar breaches have occurred within CPS over the last few years. In February of last year, students’ medical conditions and dates of birth were improperly shared. In 2016, private student information was leaked to a charter school operator.