Class-action suit aimed at MCCCD for delayed notification in breach

Share this article:
Trustmark has voluntarily dismissed its claims related to the class-action lawsuit filed last week.
A motion filed says that the notification delay put victims' PII at risk.

Waiting seven months to disclose to 2.5 million students, employees, vendors and alumni that its databases had been breached may end up costing the Maricopa County Community College District (MCCCD) a bundle, if plaintiffs in yet another lawsuit prevail.

A class-action suit has been filed against the district, claiming that the college district delayed taking action after the breach and court documents say MCCCD has been "falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred," according to a Monday report by the Courthouse News Service.

The FBI notified MCCCD in April 2013 that sensitive information from its computer networks, including names, birthdates and Social Security numbers, was being sold online. But the school district, which represents 10 community colleges, didn't begin notifying potential victims until the following November, its efforts fueled by $7 million the district's governing board approved to be spent on notifying those affected, maintaining a call center and providing a free year of credit monitoring and identity theft protection services.

At that time, MCCCD spokesman Tom Gariepy told SCMagazine.com that “one reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” citing the ongoing investigation.

“It took a long time to review," he said. "Obviously there's a great deal of information we still can't talk about.”

The new class-action suit contends that MCCCD should have started talking much sooner than it did, with lead plaintiff Jason Liebich saying that by failing to notify victims “in a reasonable and timely manner” about their personally identifiable information (PII), MCCCD put them at risk, the Courthouse News Service report said, adding that Liebich discovered fraudulent charges on his debit card in December that he believes could possibly be attributed to the breach.

The complaint was filed in Maricopa County Court last week and follows on the heels of a late March lawsuit filed by the law firm Gallagher & Kennedy on behalf of an adjunct faculty member at MCCCD who was a victim of identity theft.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

Woman charged with using spyware on former cop

Kristin Nyunt of Monterey, Calif., is charged with two counts of illegal wiretapping and possession of illegal interception devices and faces a sentence of up to five years in prison.