Class-action suit aimed at MCCCD for delayed notification in breach

Share this article:
Trustmark has voluntarily dismissed its claims related to the class-action lawsuit filed last week.
A motion filed says that the notification delay put victims' PII at risk.

Waiting seven months to disclose to 2.5 million students, employees, vendors and alumni that its databases had been breached may end up costing the Maricopa County Community College District (MCCCD) a bundle, if plaintiffs in yet another lawsuit prevail.

A class-action suit has been filed against the district, claiming that the college district delayed taking action after the breach and court documents say MCCCD has been "falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred," according to a Monday report by the Courthouse News Service.

The FBI notified MCCCD in April 2013 that sensitive information from its computer networks, including names, birthdates and Social Security numbers, was being sold online. But the school district, which represents 10 community colleges, didn't begin notifying potential victims until the following November, its efforts fueled by $7 million the district's governing board approved to be spent on notifying those affected, maintaining a call center and providing a free year of credit monitoring and identity theft protection services.

At that time, MCCCD spokesman Tom Gariepy told SCMagazine.com that “one reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” citing the ongoing investigation.

“It took a long time to review," he said. "Obviously there's a great deal of information we still can't talk about.”

The new class-action suit contends that MCCCD should have started talking much sooner than it did, with lead plaintiff Jason Liebich saying that by failing to notify victims “in a reasonable and timely manner” about their personally identifiable information (PII), MCCCD put them at risk, the Courthouse News Service report said, adding that Liebich discovered fraudulent charges on his debit card in December that he believes could possibly be attributed to the breach.

The complaint was filed in Maricopa County Court last week and follows on the heels of a late March lawsuit filed by the law firm Gallagher & Kennedy on behalf of an adjunct faculty member at MCCCD who was a victim of identity theft.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.