A lawsuit has been filed against Pierce College District following a significant data breach that affected over 155,000 former students and staff. The breach, resulting from a cyber attack over the summer, exposed sensitive information, including Social Security numbers and banking details, leading to allegations of the college’s failure to protect this information.
Sally McAuley, a former student, initiated the lawsuit in Pierce County Superior Court, aiming for class-action status. Attorney Timothy Emery highlighted the insufficiency of Pierce College’s security protocols, citing the breach as evidence of inadequacies in safeguarding student information.
Responding to inquiries, Pierce College Chancellor Julie White acknowledged the breach but contested the lawsuit’s portrayal of the incident’s nature and scope, refraining from elaborating due to legal constraints.
The breach, discovered on July 24 and spanning a day, prompted Pierce College to initiate network security measures and an investigation. Subsequent findings revealed unauthorized access, prompting the college to notify potentially affected individuals on September 8.
The compromised data, affecting 155,811 individuals, included sensitive personal information like Social Security numbers, driver’s license numbers, financial details, and complete dates of birth, as reported to the state Attorney General’s Consumer Protection Division.
The lawsuit referenced a cybersecurity publication’s report, citing a cybercriminal group, “Rhysida gang,” auctioning off information stolen from Pierce College on the dark web.
McAuley, among those affected, encountered an increase in spam calls and fraudulent attempts using her personal information. The lawsuit reflects similar experiences among breach victims, including identity theft, financial fraud, and unauthorized access to bank accounts.
Seeking unspecified damages and legal fees, the lawsuit urges class certification for over 150,000 affected individuals and demands Pierce College to implement stringent security measures, conduct testing, monitoring, and training, and delete retained personal data unless justified.
In response, Pierce College collaborated with cybersecurity experts and insurers to enhance security measures, including additional authentication layers. The college assured ongoing efforts to protect data integrity and prevent unauthorized access.
Addressing affected parties, Pierce College provided resources for fraud detection and identity protection, offering free credit reports and guidance on contacting credit reporting agencies and law enforcement.