Yale Hit With 2nd Federal Lawsuit Over Data Breach From 2008
A second federal lawsuit has been filed against Yale alleging the university's "substandard security practices" led to a massive security breach 10 years ago that could have compromised 119,000 people. Yale did not learn about the breach until this past summer.
October 16, 2018 at 05:55 PM
3 minute read
The original version of this story was published on Connecticut Law Tribune
Yale University has been hit with its second putative class action in 10 weeks over a data breach that could have affected more than 119,000 alumni, faculty and staff.
The federal lawsuit was e-filed Monday evening in the U.S. District Court for the District of Connecticut. It asserts that in June 2018 Yale discovered during a security review of its servers that hackers gained access to electronic records containing personal information stored on its database between April 2008 and January 2009.
The breach, the lawsuit says, included the disclosure of names and Social Security numbers. It also included, in almost all instances, dates of birth, email addresses and, in some cases, physical addresses.
The latest lawsuit was filed on behalf of plaintiff Andrew Mason, a Virginia resident who attended a summer program at Yale during 2005. A similar lawsuit was filed Aug. 1 on behalf of Julie Mason, who also previously attended Yale. It's not clear if Andrew and Julie Mason are related.
Those affected, the lawsuit says, were notified of the breach about six weeks after the university found out about it. Yale offered 12 months of free identity-theft protection services to those notified.
But the new 15-page lawsuit seeks to hold the university liable for the breach. The three-count complaint alleges negligence, unfair trade practices under the Connecticut General Statutes, and reckless, wanton and willful misconduct.
Yale, the lawsuit maintains, “improperly retained personal information, which was subsequently transferred to unauthorized persons during the breach, as evidenced by its statements that the personal identification information compromised in the breach was deleted from servers in September 2011 because it was unnecessary personal data.”
Karen Peart, director of external communications for Yale, said the university would not be commenting on the matter. As of Tuesday afternoon, Yale had not assigned attorneys to the case.
The lawsuit cites the Yale Daily News on Aug. 2 as saying the perpetrators of the breach are unknown, and that the university isn't pursuing an investigation because identifying the culprit or culprits a decade later would “not be possible.”
The lawsuit also alleges Yale has had previous cybersecurity concerns.
The university, the complaint says, had known about its data privacy issues since at least 2011 when it discovered that 43,000 Yale community members' Social Security numbers had been accessible online for almost a year.
“It was again made aware of its data security issues when it was notified in 2012 by the hacker group, NullCrew, that it obtained personal information about Yale students and staff members by exploiting security faults in Yale's databases,” the suit claims.
The lawsuit also alleges the university's “substandard security practices” led to the breach. It seeks class certification, compensatory and punitive damages, plus declaratory and injunctive relief as the court deems appropriate.
The plaintiff is represented by six attorneys: James Miller and Laurie Rubinow of Chester-based Shepherd, Finkelman, Miller & Shah; Gary Mason and Danielle Perry of the Washington, D.C.-based Whitfield Bryson & Mason; Charles Schaffer of Levin Sedran & Berman in Philadelphia; and Jeffrey Goldenberg of Cincinnati-based Goldenberg Schneider.
Goldenberg referred all inquiries Tuesday to Mason, who along with the other five attorneys, did not respond to a request for comment.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Litigators of the Week: A Trade Secret Win at the ITC for Viking Over Promising Potential Liver Drug
- 2Litigator of the Week Runners-Up and Shout-Outs
- 3'The Show Must Go On': Solo-GC-of-Year Kevin Colby Pulls Off Perpetual Juggling Act
- 4Legal Speak at General Counsel Conference East 2024: Match Group's Katie Dugan & Herrick's Carol Goodman
- 5Legal Speak at General Counsel Conference East 2024: Eric Wall, Executive VP, Syllo
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250