Maricopa County Community College District is the target of a lawsuit over a 2013 data breach that alleges the school did not take adequate steps to safeguard student and alumni records, and plaintiff Jason Liebich is seeking a class action status for the estimated 2.5 million people whose information was compromised.
The suit, filed April 15 in the Maricopa County Superior Court in Phoenix, asserts that the district did little to fortify the schools databases after the FBI had alerted them to a similar breach in 2011, and that officials unnecessarily delayed notification of those affected, putting them at risk of fraud and financial loss by way of identity theft.
“The lawsuit claims district administrators did nothing to address the breach at the time, and that their inaction resulted in a second breach in April 2013,” wrote Matt Dunning for Business Insurance.
“The lawsuit also accuses the community college district of waiting until November 2013 to notify current and former students, employees and third-party vendors that their personally identifiable information — including names, addresses, Social Security Numbers, personal financial information and benefits information had been accessed and possibly sold on the Internet.”
The lawsuit ocmes on the heels of a study that found Universities are falling way behind in the race to secure sensitive data from the threat of compromise, and the trend is expected to continue in perpetuity because they lack the financial and technical resources required to safeguard critical systems, according to a recent study.
“HALOCK Security Labs’ 2013 investigation found that 25% of 162 universities sampled were putting student and parent financial data at risk through the use of unsafe unencrypted email practices. This data included W-2’s and tax information transmitted to financial aid offices,” the study’s authors stated.
“Universities continue to be targeted by hackers because they maintain not only a wealth of student and parent financial data, but they are also centers for cutting edge research and intellectual property.”
In just the first quarter of 2014, publicly disclosed breaches at colleges including the University of Maryland, Indiana University. and North Dakota University exposed the records of over 740,000 student and alumni, compromising everything from personal to financial data.
“Universities need to get serious about securing their environment. They need to be sure that they are following security standards, as well as the laws and regulations that require the protection of personal information,” said Terry Kurzynski, Senior Partner at HALOCK.