UCF Settles Lawsuit After 63,000 Social Security Numbers Exposed
One of the plaintiffs claims several fraudulent credit cards were opened under his name and his credit score dropped as a result of the hack.
The University of Central Florida has reached a legal settlement with five former students following a massive computer hack that exposed 63,000 Social Security numbers.
As part of the agreement, the school will spend an additional $1 million annually to protect students’ and employees’ personal information, reports The Orlando Sentinel. It will also add three information security positions and a full-time internal senior information security auditor.
Additionally, school officials estimate a one-time cost of $845,467 related to the implementation of an email technology that can detect harmful internet links and attachments.
UCF first discovered the hack in early January 2016. Those affected included 600 current student-athletes, former student-athletes and student staff managers for athletic teams. The remainder included current and former employees who worked at UCF as far back as the 1980s.
In early 2016, it became public that the FBI’s Jacksonville office was investigating the incident, although no information was released on how the hack occurred.
The school was first sued in February 2016 by former student and men’s basketball team manager Jeremiah Hughley. He originally filed the suit in Orange County Court seeking class-action status but later filed an amended lawsuit with four others.
The five plaintiffs named in the lawsuit will each receive $500 and the university will pay $64,200 for attorney fees and costs.
John Yanchunis, the plaintiffs’ attorney, called UCF’s lack of precautions against cyber attacks “simply inexcusable”.
Yanchunis says the suit focused on forcing UCF to improve its security practices since state laws limit damages to public entities at $300,000 per incident.
One of the plaintiffs, former student Max Palombo, says after the breach, several fraudulent credit cards were opened under his name. As a result, his credit score dropped and he was unable to activate credit monitoring since a fraud notice had been placed on his profile.
In a statement, UCF spokesman Chad Binette said safeguarding personal information is of “utmost importance”.
“The terms of the settlement feature a number of measures that we have already taken to increase our information security staffing, technology and training,” Binette wrote. “This includes purchasing new forensic software, implementing multi-factor authentication for employees and increasing awareness about how to best protect personal information. We will continue to invest in enhancing information security.”
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!