After threatening to file a lawsuit against the Paterson Times for exposing a massive data breach in an unauthorized letter, superintendent Eileen Shafer backtracked on Friday afternoon stating she had no intentions to sue a reporter or a news organization.
“Neither the reporter nor his news organization was the potential target for any litigation by the District,” said Shafer. Her questionable threat to sue a reporter and a newspaper for “serious reputational harm” to the district for exposing the data breach that claimed 23,103 account passwords had been quickly condemned by multiple media law attorneys.
Shafer had no grounds to bring a lawsuit, according to multiple prominent First Amendment attorneys. Some community leaders also criticized the superintendent for having “misplaced” priorities at a time the district, one of the lowest performing in New Jersey, is cutting programs and laying off hundreds of employees.
The district should focus on investigating the breach and patching up its systems to better protect student and employee data, said local leaders. Shafer’s administration has reset all employee email passwords and added two-factor authentication to the login process – both steps fall short of securing the district’s systems — while claiming the report of the breach was “unfounded.”
Shafer and her team were provided incontrovertible evidence of the data breach last Monday. Her administration has provided few answers to the public about the breach. For example, the district has yet to answer whether desktop, network, and laptop passwords were reset. It still has yet to say how the breach occurred and what steps have been taken to secure the systems.
The data breach occurred eight months ago. School officials did not detect the breach and were unaware of it until the Paterson Times brought it to their attention last Monday.
Shafer rejected the Paterson Times’ request to interview the district’s information technology (IT) point person on Friday morning.
Without securing the systems, the perpetrator, who indicated he or she still had full access to the systems on May 11, could snatch the updated email passwords. Shafer has said a former employee may be responsible for the breach. She has referred the matter for investigation to the New Jersey Attorney General’s Office and the Passaic County Prosecutor’s Office.
School board members were caught off guard by Shafer’s threatening letter. She did not consult the nine-member board prior to sending out the letter, according to board members.
“I read it in the article. I had no knowledge of it,” said school board vice president Nakima Redmon. She said it’s not unordinary for the superintendent to send out memos and notices. When asked if she had any issues with the superintendent’s unilateral action, she said, “I’m not going to say I don’t have any issues.”
School board president Oshin Castillo appeared surprised when told of Shafer’s lawsuit threat. She did not respond to a call for comment for this story.
“I knew nothing about this,” said board member Emanuel Capers. He sent an email to the superintendent to inquire about the threatening letter. “This has happened before. I don’t think this is right. It was bad then. It’s bad now.”
Capers is referring to an investigation the board president and the superintendent jointly authorized into his trip to Arizona without consulting the full Board of Education.
“During emerging conditions, a Superintendent of Schools must be able to take immediate action. The recent issue of cyber security in the Paterson Public School district required such action,” said Shafer in defending her unilateral action.
Shafer said her letter sought the return of all “materials that had been received” by a reporter. Her letter, written by the district’s general counsel Robert E. Murray, suggested the district would use legal means to obtain the materials held by the Paterson Times, something prohibited by the state’s reporter’s shield law.