UCF Settles Lawsuit After 63,000 Social Security Numbers Exposed

One of the plaintiffs claims several fraudulent credit cards were opened under his name and his credit score dropped as a result of the hack.
Published: January 16, 2018

The University of Central Florida has reached a legal settlement with five former students following a massive computer hack that exposed 63,000 Social Security numbers.

As part of the agreement, the school will spend an additional $1 million annually to protect students’ and employees’ personal information, reports The Orlando Sentinel. It will also add three information security positions and a full-time internal senior information security auditor.

Additionally, school officials estimate a one-time cost of $845,467 related to the implementation of an email technology that can detect harmful internet links and attachments.

UCF first discovered the hack in early January 2016. Those affected included 600 current student-athletes, former student-athletes and student staff managers for athletic teams. The remainder included current and former employees who worked at UCF as far back as the 1980s.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

In early 2016, it became public that the FBI’s Jacksonville office was investigating the incident, although no information was released on how the hack occurred.

The school was first sued in February 2016 by former student and men’s basketball team manager Jeremiah Hughley. He originally filed the suit in Orange County Court seeking class-action status but later filed an amended lawsuit with four others.

The five plaintiffs named in the lawsuit will each receive $500 and the university will pay $64,200 for attorney fees and costs.

John Yanchunis, the plaintiffs’ attorney, called UCF’s lack of precautions against cyber attacks “simply inexcusable”.

Yanchunis says the suit focused on forcing UCF to improve its security practices since state laws limit damages to public entities at $300,000 per incident.

One of the plaintiffs, former student Max Palombo, says after the breach, several fraudulent credit cards were opened under his name. As a result, his credit score dropped and he was unable to activate credit monitoring since a fraud notice had been placed on his profile.

In a statement, UCF spokesman Chad Binette said safeguarding personal information is of “utmost importance”.

“The terms of the settlement feature a number of measures that we have already taken to increase our information security staffing, technology and training,” Binette wrote. “This includes purchasing new forensic software, implementing multi-factor authentication for employees and increasing awareness about how to best protect personal information. We will continue to invest in enhancing information security.”

ADVERTISEMENT
ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series