The University of Rochester has been hit with a proposed class action over a May 2023 data breach that stemmed from the private research university’s allegedly deficient cybersecurity practices.
Want to stay in the loop on class actions that matter to you? Sign up forClassAction.org’s free weekly newsletter here.
According to the 43-page complaint, the New York school learned on July 19 of this year that an unauthorized individual had gained access to students’ data by hacking the MOVEit file-transfer application, a data transfer program the University of Rochester uses to transfer large data files between servers.
The lawsuit claims that the cyberattack, which occurred on May 27, 2023, has reportedly exposed more than 88,000 individuals’ private information, including, but not limited to, their Social Security numbers.
The case contends that the University of Rochester maintained students’ personal data in a “reckless manner” on a computer network that was left vulnerable to unauthorized intrusions. As the filing tells it, the defendant’s failure to employ reasonable data security measures to safeguard consumers’ information violates state and federal law.
Moreover, the university waited until July 28 to reveal the data breach to victims, who now face an “ongoing, imminent, and impending” threat of identity theft and other fraudulent uses of their personal information, the lawsuit argues. The complaint also stresses that those affected by the incident will be forced to pay out-of-pocket costs for protective measures such as credit monitoring and identity theft protection services.
“While news stories and public reporting have speculated on the mechanism of the data breach, Plaintiff and Class members have never been fully informed about the scope of the intrusion, the vulnerabilities exploited, the remediation required or the vulnerability of their data that remains in the possession of the Defendant,” the case says.
Given the substantial increase in cyberattacks in recent years, the University of Rochester “knew or should have known” that its cybersecurity obligations were “particularly important,” the suit charges.
The lawsuit looks to cover any United States residents whose private information was accessed or acquired during the data breach event announced by the University of Rochester.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed cancer, endometriosis or reproductive problems after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.