Class-action suit aimed at MCCCD for delayed notification in breach

Share this article:
Trustmark has voluntarily dismissed its claims related to the class-action lawsuit filed last week.
A motion filed says that the notification delay put victims' PII at risk.

Waiting seven months to disclose to 2.5 million students, employees, vendors and alumni that its databases had been breached may end up costing the Maricopa County Community College District (MCCCD) a bundle, if plaintiffs in yet another lawsuit prevail.

A class-action suit has been filed against the district, claiming that the college district delayed taking action after the breach and court documents say MCCCD has been "falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred," according to a Monday report by the Courthouse News Service.

The FBI notified MCCCD in April 2013 that sensitive information from its computer networks, including names, birthdates and Social Security numbers, was being sold online. But the school district, which represents 10 community colleges, didn't begin notifying potential victims until the following November, its efforts fueled by $7 million the district's governing board approved to be spent on notifying those affected, maintaining a call center and providing a free year of credit monitoring and identity theft protection services.

At that time, MCCCD spokesman Tom Gariepy told SCMagazine.com that “one reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” citing the ongoing investigation.

“It took a long time to review," he said. "Obviously there's a great deal of information we still can't talk about.”

The new class-action suit contends that MCCCD should have started talking much sooner than it did, with lead plaintiff Jason Liebich saying that by failing to notify victims “in a reasonable and timely manner” about their personally identifiable information (PII), MCCCD put them at risk, the Courthouse News Service report said, adding that Liebich discovered fraudulent charges on his debit card in December that he believes could possibly be attributed to the breach.

The complaint was filed in Maricopa County Court last week and follows on the heels of a late March lawsuit filed by the law firm Gallagher & Kennedy on behalf of an adjunct faculty member at MCCCD who was a victim of identity theft.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.