The Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission (FTC) earlier this week against Maricopa County Community College District (MCCCD), after last year’s breach compromised the personal information of 2.5 million former students, employees and vendors in Maricopa County, Ariz.

EPIC’s complaint alleges that the MCCCD received multiple warnings before its massive breach. The district is accused of not developing, implementing and maintaining a security program, which led to victims’ names, dates of birth, addresses, phone numbers, emails, Social Security numbers, demographical information, and enrollment, academic, and financial aid information to be compromised in April 2013.

The breach impacted 14 community college databases.

EPIC is requesting that the FTC investigate the matter to determine whether the county complied with the FTC’s “Safeguards Rule,” which requires financial institutions to keep customer information safe.