Yale Hit With 2nd Federal Lawsuit Over Data Breach From 2008
A second federal lawsuit has been filed against Yale alleging the university's "substandard security practices" led to a massive security breach 10 years ago that could have compromised 119,000 people. Yale did not learn about the breach until this past summer.
October 16, 2018 at 05:55 PM
3 minute read
The original version of this story was published on Connecticut Law Tribune
Yale University.
Yale University has been hit with its second putative class action in 10 weeks over a data breach that could have affected more than 119,000 alumni, faculty and staff.
The federal lawsuit was e-filed Monday evening in the U.S. District Court for the District of Connecticut. It asserts that in June 2018 Yale discovered during a security review of its servers that hackers gained access to electronic records containing personal information stored on its database between April 2008 and January 2009.
The breach, the lawsuit says, included the disclosure of names and Social Security numbers. It also included, in almost all instances, dates of birth, email addresses and, in some cases, physical addresses.
The latest lawsuit was filed on behalf of plaintiff Andrew Mason, a Virginia resident who attended a summer program at Yale during 2005. A similar lawsuit was filed Aug. 1 on behalf of Julie Mason, who also previously attended Yale. It's not clear if Andrew and Julie Mason are related.
Those affected, the lawsuit says, were notified of the breach about six weeks after the university found out about it. Yale offered 12 months of free identity-theft protection services to those notified.
But the new 15-page lawsuit seeks to hold the university liable for the breach. The three-count complaint alleges negligence, unfair trade practices under the Connecticut General Statutes, and reckless, wanton and willful misconduct.
Yale, the lawsuit maintains, “improperly retained personal information, which was subsequently transferred to unauthorized persons during the breach, as evidenced by its statements that the personal identification information compromised in the breach was deleted from servers in September 2011 because it was unnecessary personal data.”
Karen Peart, director of external communications for Yale, said the university would not be commenting on the matter. As of Tuesday afternoon, Yale had not assigned attorneys to the case.
The lawsuit cites the Yale Daily News on Aug. 2 as saying the perpetrators of the breach are unknown, and that the university isn't pursuing an investigation because identifying the culprit or culprits a decade later would “not be possible.”
The lawsuit also alleges Yale has had previous cybersecurity concerns.
The university, the complaint says, had known about its data privacy issues since at least 2011 when it discovered that 43,000 Yale community members' Social Security numbers had been accessible online for almost a year.
“It was again made aware of its data security issues when it was notified in 2012 by the hacker group, NullCrew, that it obtained personal information about Yale students and staff members by exploiting security faults in Yale's databases,” the suit claims.
The lawsuit also alleges the university's “substandard security practices” led to the breach. It seeks class certification, compensatory and punitive damages, plus declaratory and injunctive relief as the court deems appropriate.
The plaintiff is represented by six attorneys: James Miller and Laurie Rubinow of Chester-based Shepherd, Finkelman, Miller & Shah; Gary Mason and Danielle Perry of the Washington, D.C.-based Whitfield Bryson & Mason; Charles Schaffer of Levin Sedran & Berman in Philadelphia; and Jeffrey Goldenberg of Cincinnati-based Goldenberg Schneider.
Goldenberg referred all inquiries Tuesday to Mason, who along with the other five attorneys, did not respond to a request for comment.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Uber Files RICO Suit Against Plaintiff-Side Firms Alleging Fraudulent Injury Claims
- 2The Law Firm Disrupted: Scrutinizing the Elephant More Than the Mouse
- 3Inherent Diminished Value Damages Unavailable to 3rd-Party Claimants, Court Says
- 4Pa. Defense Firm Sued by Client Over Ex-Eagles Player's $43.5M Med Mal Win
- 5Losses Mount at Morris Manning, but Departing Ex-Chair Stays Bullish About His Old Firm's Future
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
