Class-action suit aimed at MCCCD for delayed notification in breach

Share this article:
Trustmark has voluntarily dismissed its claims related to the class-action lawsuit filed last week.
A motion filed says that the notification delay put victims' PII at risk.

Waiting seven months to disclose to 2.5 million students, employees, vendors and alumni that its databases had been breached may end up costing the Maricopa County Community College District (MCCCD) a bundle, if plaintiffs in yet another lawsuit prevail.

A class-action suit has been filed against the district, claiming that the college district delayed taking action after the breach and court documents say MCCCD has been "falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred," according to a Monday report by the Courthouse News Service.

The FBI notified MCCCD in April 2013 that sensitive information from its computer networks, including names, birthdates and Social Security numbers, was being sold online. But the school district, which represents 10 community colleges, didn't begin notifying potential victims until the following November, its efforts fueled by $7 million the district's governing board approved to be spent on notifying those affected, maintaining a call center and providing a free year of credit monitoring and identity theft protection services.

At that time, MCCCD spokesman Tom Gariepy told SCMagazine.com that “one reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” citing the ongoing investigation.

“It took a long time to review," he said. "Obviously there's a great deal of information we still can't talk about.”

The new class-action suit contends that MCCCD should have started talking much sooner than it did, with lead plaintiff Jason Liebich saying that by failing to notify victims “in a reasonable and timely manner” about their personally identifiable information (PII), MCCCD put them at risk, the Courthouse News Service report said, adding that Liebich discovered fraudulent charges on his debit card in December that he believes could possibly be attributed to the breach.

The complaint was filed in Maricopa County Court last week and follows on the heels of a late March lawsuit filed by the law firm Gallagher & Kennedy on behalf of an adjunct faculty member at MCCCD who was a victim of identity theft.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in ...

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.