WSU Settles Lawsuit Over 2017 Hard Drive Theft for $4.7 Million

Nearly 1.3 million people’s personal information was stolen, including Social Security numbers, when a hard drive was stolen from an off-site storage unit.

April 26, 2019 Amy Rock Jump to Comments

Washington State University has settled a class-action lawsuit after a hard drive containing millions of people’s personal data was stolen from a storage unit.

A safe containing the backup hard drive was taken from an off-site storage container in Olympia on April 21, 2017. The hard drive belonged to the school’s Social and Economic Sciences Research Center (SESRC).

The drive contained sensitive information of over 1.3 million individuals who had participated in studies and evaluations conducted by the SESRC from 1998 to 2013. The data included names, Social Security numbers and personal health information — much of which was not encrypted.

The victims, some of whom say their data was used for identity theft crimes, filed the class-action lawsuit, claiming they were unaware their information was being stored and that the Pullman university was negligent in storing the hard drive in an unsecured location.

WSU countered the plaintiffs’ argument, stating it is difficult to tie the identity thefts to the WSU breach given the number of recent data breaches across the country, reports Beckers Hospital Review.

“While Washington State University disputes the claims made in the suit, the university has concluded that continued litigation would be even more expensive and time-consuming,” said WSU spokesman Phil Weiler.

Under the settlement, victims may be entitled to receive up to $5,000 in cash reimbursements for any out-of-pocket expenses incurred by the breach. Some victims claimed they were forced to buy credit monitoring services to monitor identity theft.

Victims will also be entitled to two years of free credit monitoring and insurance services, administrative fee payments, attorney fees and other breach-related expenses, according to Health IT Security.

Furthermore, the school agreed to destroy all archived research data related to the project referred to in the suit and any remaining research data will be moved to a secured location. It will also implement new policies, procedures, training and technology based on a risk assessment and audit.

WSU joins a growing list of schools and hospitals that have either experienced data breaches or reached settlements.

In March, UCLA Health settled a class-action lawsuit for $7.5 million after hackers gained access to personal information of over 4.5 million patients in 2014. Also in March, Georgia Tech experienced a data breach that exposed the information of 1.3 million current and former students, as well as applicants and staff members.

In December 2018, hackers were able to steal over $800,000 from Cape Cod Community College after gaining access to the school’s bank information. Also in December 2018, hackers stole 10 years’ worth of student and staff data from the San Diego Unified School District.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Amy Rock, Executive Editor

Contact:

Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.