Dear Team DPS,
If you know me or have spent any time with me, you can attest that I always do my best to tell it like it is. Because I did not know all of the facts about this incident early on, I did not want to share false information. I am now in a position to share more information. Upon discovering unusual activity related to Denver Public Schools’ computer network, we took steps to secure our system and launched an investigation, which took some time to complete. We worked to determine the nature and scope of the incident, so we could take the appropriate steps to notify the individuals whose information may have been involved.
My team and I followed a clear process: secure our systems, complete the investigation, notify the involved individuals, and communicate with the wider community. We sent an all-staff email on Jan. 19, and we completed the investigation on Feb. 8.
On Jan. 24, I authored a communication to be sent to our community. This communication was shared with Board Leadership, but the group working on reviewing the incident ultimately determined the message should not be distributed until the investigation was complete.
Immediately after the investigation, we prepared notification letters for those involved and began to share information publicly. This process was meant to assist our investigative efforts and to help those involved without raising unnecessary alarm for community members whose information was not involved in the incident.
If you did not receive a letter in the mail from us: Your information was not involved in this incident. You can consider adding a fraud alert to your credit information and contact your financial institutions for additional information on how to protect yourself from fraud or identity theft. Families can also do the same for minors under the age of 13.
If you received a letter from us in the mail stating you were involved: We are providing identity protection services to involved individuals at no cost. These services will include credit monitoring and identity theft protection services. The information on how to enroll in these services is included in the letter you received.
As you can imagine, I am troubled by this incident, as the leader of the school district, as a DPS employee, and as a DPS father whose family information was also involved.
We are evaluating our data security protocols and are always looking for ways to enhance our protocols to add additional layers of security. Please know that my focus is on you. We take your privacy seriously. We care about you. Please know that I will continue to be closely involved in this issue.
Dr. Alex Marrero