Columbia University confronts a proposed class action following a May 2023 data breach that compromised personal data belonging to present and past students, employees, and applicants, as detailed in a 26-page lawsuit against the private New York City institution.
The lawsuit alleges that cybercriminals exploited a security vulnerability within the MOVEit file transfer service on May 30, pilfering Social Security numbers, dates of birth, financial details, and other sensitive information. The complaint contends that Columbia’s failure to implement adequate cybersecurity measures led to the widespread breach, emphasizing the university’s responsibility to ensure robust security within its third-party vendor’s systems.
Highlighting Columbia’s purported neglect of data security obligations, the lawsuit references the university’s previous data breach in 2007 and underscores the ongoing threat of identity theft and fraud faced by affected individuals. The plaintiff, a former student, reported experiencing multiple instances of credit card fraud post-breach, enduring significant time and financial investments in resolving these issues.
Despite the breach occurring months earlier, the lawsuit claims Columbia neglected to inform victims promptly. However, a list disclosed by the National Student Clearinghouse to the California Attorney General’s Office in September 2023 implicated Columbia University among nearly 900 colleges affected by the MOVEit breach.
The lawsuit aims to represent individuals whose sensitive information provided to Columbia University for application, enrollment, or employment purposes was compromised due to the breach on or around May 30, 2023.
