UCF Settles Lawsuit After 63,000 Social Security Numbers Exposed
One of the plaintiffs claims several fraudulent credit cards were opened under his name and his credit score dropped as a result of the hack.
The University of Central Florida has reached a legal settlement with five former students following a massive computer hack that exposed 63,000 Social Security numbers.
As part of the agreement, the school will spend an additional $1 million annually to protect students’ and employees’ personal information, reports The Orlando Sentinel. It will also add three information security positions and a full-time internal senior information security auditor.
Additionally, school officials estimate a one-time cost of $845,467 related to the implementation of an email technology that can detect harmful internet links and attachments.
UCF first discovered the hack in early January 2016. Those affected included 600 current student-athletes, former student-athletes and student staff managers for athletic teams. The remainder included current and former employees who worked at UCF as far back as the 1980s.
In early 2016, it became public that the FBI’s Jacksonville office was investigating the incident, although no information was released on how the hack occurred.
The school was first sued in February 2016 by former student and men’s basketball team manager Jeremiah Hughley. He originally filed the suit in Orange County Court seeking class-action status but later filed an amended lawsuit with four others.
The five plaintiffs named in the lawsuit will each receive $500 and the university will pay $64,200 for attorney fees and costs.
John Yanchunis, the plaintiffs’ attorney, called UCF’s lack of precautions against cyber attacks “simply inexcusable”.
Yanchunis says the suit focused on forcing UCF to improve its security practices since state laws limit damages to public entities at $300,000 per incident.
One of the plaintiffs, former student Max Palombo, says after the breach, several fraudulent credit cards were opened under his name. As a result, his credit score dropped and he was unable to activate credit monitoring since a fraud notice had been placed on his profile.
In a statement, UCF spokesman Chad Binette said safeguarding personal information is of “utmost importance”.
“The terms of the settlement feature a number of measures that we have already taken to increase our information security staffing, technology and training,” Binette wrote. “This includes purchasing new forensic software, implementing multi-factor authentication for employees and increasing awareness about how to best protect personal information. We will continue to invest in enhancing information security.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!
[…] Colleges and universities have had to pay millions of dollars in fines and lawsuits associated with data breaches, including Washington State University ($4.7 million), UCLA Health ($7.5 million) and the University of Central Florida. […]