New York University Hit With Class Action for Poor Data Security
New York University (NYU) was hit with a class action lawsuit on Monday over allegations that it failed to secure the personally identifiable information (PII) of its students, which was accessed in a data breach earlier in March. Data thieves have used the PII to commit identity theft and fraud, said the plaintiffs, who are current and former NYU students.
Sign up for a free preview to unlock the rest of this article
NYU "did not use reasonable security procedures and practices appropriate to the nature of the sensitive information they were maintaining for Plaintiff and Class Members, causing the exposure of PII, such as encrypting the information or deleting it when it is no longer needed," the complaint said. The school "could have prevented this Data Breach by, among other things, properly encrypting or otherwise protecting their equipment and computer files containing PII."
According to the complaint, the bad actors were able to access NYU's website, where information of more than three million applicants to the school, dating back to 1989, was exposed, including names, test scores, zip codes and financial aid information. The plaintiffs alleged that the university was negligent in its security practices, engaged in breach of contract and failed to comply with industry standards and FTC guidelines.