Courthouse News Service reports on a class-action lawsuit in Arizona concerning a security breach that affected the privacy of people connected with Maricopa County Community College District.
PHOENIX (CN) – Maricopa County Community College District waited seven months to inform 2.5 million students, graduates, employees and vendors that its databases had been breached and their personal information made available for sale online, a class action claims in state court.
Lead plaintiff Jason Liebich, a current student at Phoenix College, sued the college district in Maricopa County Court.
Liebich claims the FBI warned the Maricopa County Community College District (MCCCD) in January 2011 that a number of its databases had been breached and made available for sale on the Internet. […]
But the district failed to make any changes to secure the databases, resulting in the breach of 14 databases on MCCCD servers in April 2013, according to the complaint. […]
In a letter sent to victims of the breach, the district claimed it “recently discovered” the security breach, and offered one year of credit monitoring to victims, according to the lawsuit.
The district operates 10 community colleges and two skill centers in Maricopa County that employ more than 9,500 people and serve 265,000 students, according to the complaint.
Due to the data breaches, 2.5 million former and current students, employees and vendors have had their “names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth, financial and bank account information, demographical information, information related to employment, education, and training, benefits information, academic information, financial aid information, and Federal Employer Identification Numbers” exposed on the Internet, making them vulnerable to identity fraud, the class claims.