Serviceteam IT Security News

Student Sues Syracuse University Over Data Breach

A private university in New York State is being sued for negligence by one of its students over a data breach that may have exposed thousands of Social Security numbers.

Syracuse University (SU) suffered a data breach on September 25 last year after an employee fell victim to a phishing attack and clicked on a malicious link. 

The compromised account was secured by September 28, but the security incident may have exposed the names and social security numbers of nearly 10,000 students, alumni and university applicants. 

An investigation into the security incident, which finished on January 14, was reportedly unable to definitively state whether files containing names and security numbers had been accessed by an unauthorized third party. 

In February, Syracuse University, which offers a Master’s in Cybersecurity, began contacting individuals affected by the data breach to warn them that their personal information may have been exposed. 

Commenting on the breach, Steven Bennett, senior vice president for international programs and operations at SU, said in February: “This was a really regrettable event. I understand it’s quite upsetting to some people.”

He added: “We are looking to tighten up the management of any document that has personally identifiable information in it. That was something that, in the wake of this event, we realized we really needed to do, and that’s underway at the moment.”

On Thursday, one of the students who was impacted by the breach filed a class action lawsuit against SU in Onondaga Supreme Court. The plaintiff alleges that SU didn’t do enough to protect the personally identifiable information (PII) entrusted to its care. 

He claims that inadequate staff cybersecurity training and deficient cybersecurity protocols at the educational establishment left sensitive data vulnerable to exposure. The lawsuit further alleges that SU increased the potential harm caused by the breach by waiting four months after the incident to inform impacted individuals. 

The plaintiff decided to take legal action against the university after he discovered an unauthorized charge on his checking account in the wake of the breach.

In a statement to The Daily Orange, the SU’s senior associate vice president for university communications, Sarah Scalese, said that Syracuse University does not comment on pending litigation.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply