A proposed class action claims Oakwood University’s failure to adequately safeguard certain personal and financial information resulted in a “massive and preventable” data breach earlier this year.
The 32-page lawsuit alleges the private university in Huntsville, Alabama “intentionally, willfully, recklessly, or negligently” failed to implement reasonable cybersecurity measures to protect consumers’ sensitive information from an “undoubtedly nefarious” third party. The filing states that beginning as early as March 2022, cybercriminals infiltrated the university’s network and gained access to individuals’ dates of birth; Social Security, U.S. Alien Registration, driver’s license and/or state identification numbers; and financial account information.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the suit, Oakwood University claimed to have discovered the ransomware attack on March 14 but did not begin informing victims of the incident until October 1. Further, the school’s notice provided only “basic details” of the data breach and recommended next steps, omitting specifics about when or for how long the attack occurred, the case relays.
The lawsuit claims that Oakwood University could have prevented the incident had it properly secured its servers and followed appropriate data encryption procedures, especially since the information stored on its network belongs to both adults and children.
Oakwood University’s negligence is “exacerbated by repeated warnings and alerts directed to protecting and securing sensitive data, as evidenced by the trending data breach attacks in recent years,” the case argues.
“Due to the high-profile nature of these breaches, and other breaches of its kind, Defendant was and/or certainly should have been on notice and aware of such attacks occurring, and therefore should have assumed and adequately performed the duty of preparing for such an imminent attack. This is especially true given that Defendant is a large, sophisticate [sic] operation with the resources to put adequate data security protocols in place.”
In addition, the university’s failure to employ “reasonable and appropriate” security measures is out of line with the Federal Trade Commission Act, the filing alleges.
The lawsuit looks to represent anyone in the United States whose personally identifiable information and/or financial information was exposed to unauthorized third parties as a result of the Oakwood University data breach discovered on March 14, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Camp Lejeune residents now have the opportunity to claim compensation for harm suffered from contaminated water.