Parents, students are baffled by letters confirming Crown Point school network breach months ago
CROWN POINT, Ind. (CBS) -- After a massive network breach temporarily closed schools in Crown Point, Indiana last fall, we are finally learning what happened.
As CBS 2 Investigator Megan Hickey reported Thursday, parents and students recently started getting letters confirming a five-day breach back in November in the Crown Point Community School Corporation's network system. But it's the letters themselves, and a lack of communication about the issue, that are now causing more concern.
"With this letter, it kind of confirmed my worst fear," said a recent graduate of Crown Point High School.
Eighteen years old and about to head to college, the last thing the recent grad was expecting was a letter in the mail confirming a breach that exposed personal data. The student asked not to be identified, because she is already worried her information is out there.
"Knowing that that sensitive information that a lot of people want kept private is now public - and Lord only knows who even has that information," the recent grad said. "I think it's really scary and anxiety-inducing."
The letters, sent from a California address, started coming in this week.
They state that the Crown Point systems were subject to "unauthorized access between November 17, 2022, and November 21, 2022," and that data may have been accessed by outsiders.
But there's a weird part on top of it. Some parents received not one, but four letters addressed to different people.
Crown Point parent Jennifer Carr's reaction was, "OK, is this a scam?"
Carr got a letter to some residents who had lived in her home more than a decade ago. Others received letters addressed to people who had never lived in their home at all.
"I don't have any faith that they know who is actually compromised," Carr said. "From where I sit, they're not looking out for my children's best interests."
We asked the school district to explain - and despite the bizarre mass mailing, they said the letters are legitimate.
"We are working with the vendor who completed the investigation/notification process to determine how many letters may have been sent to old or incorrect addresses and why," a district spokesperson told us.
Who breached the system? And why?
The investigation was completed on June 7, according to the letter. So why did it take seven weeks for parents to get this notice?
Students and parents say tell us they've reached out for more specifics and have gotten nothing.
"Let us know what happened; what they're doing, right?" Carr said. "Like, we know nothing."
"They didn't take accountability for it, and continue to this day to withhold information about the extent of the breach," added the recent grad.
We did reach out to the California vendors that sent the letters in multiple ways, but we have yet to receive an explanation. The district has also failed to provide one.
We'll keep pushing.