An Ohio judge dismissed a lawsuit brought by two former Ohio University students in response to the school's April 2006 data breaches.

Two Ohio University graduates, Donald Jay Kulpa of Cincinnati and Kenneth Neben of North Bergen, N.J., had filed a lawsuit asking a judge to order the school to pay for credit monitoring services for those whose personal information may have been compromised in school security breaches.

Judge J. Craig Wright of the Ohio Court of Claims granted the university's motion to dismiss the case. He ruled that Kulpa and Neben failed to prove they suffered damages they should be compensated for.

No evidence has emerged that victims of the April 2006 data breaches have had their identity stolen or have been defrauded due to the incident, Ohio University officials claimed. As a result, the school's attorneys maintained that Kulpa and Neben's claims were based solely on fears, not actual damages.

"Frankly, victims of such breaches have no other avenue," Avivah Litan, a security analyst with Gartner, told

The university uncovered breaches in four computer systems in April 2006. At first, the school said the breaches exposed about 367,000 files containing Social Security numbers, names, medical records and home addresses; it subsequently said that the breaches impacted only about 173,000 records.

An investigation by technology analysts determined that hackers were attempting to share and store music and movie files when the breaches occurred, the university said in a statement.

The financial services industry "has lobbied against any legislation that restricts the use of Social Security numbers for identification, demanding all kinds of exemptions and exceptions that water down any legislation," Litan added.

Even federal laws now on the book, such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, don't prohibit the use of Social Security numbers for uniquely identifying individuals, she pointed out.

The U.S. House Ways and Means Committee is drafting legislation that will limit the use of Social Security numbers for identification purposes, she said. "But the financial services lobby is opposing it."


Click here to email West Coast Bureau Chief Jim Carr.

Click here for SC Magazine's latest podcast: Aug. 27: A monster (.com) of a data breach.