Data Breach Lawsuit Alleges California Northstate University Left Private Info Vulnerable to Hackers
Titus-Lay v. California Northstate University, LLC
Filed: April 29, 2024 ◆§ 2:24-at-00536
CNU faces a class action over a February 2023 cyberattack during which hackers gained access to highly sensitive employee and student data.
California Unfair Competition Law California Consumer Privacy Act California Consumer Records Act
California
California Northstate University (CNU) faces a proposed class action lawsuit over a February 2023 cyberattack during which hackers gained access to highly sensitive employee and student data.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 34-page lawsuit says that CNU, a private university that specializes in healthcare education, was targeted by cybercriminal group AvosLocker between February 12 and February 13 of last year. The data breach lawsuit relays that, as a result of the ransomware attack—during which the hacker group gained access to certain files stored on CNU’s servers—confidential information belonging to thousands of current and former employees and students was compromised.
Per the case, the private data exposed in the cyberattack included names, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses and W-2 forms.
According to the complaint, the hacker group later issued the university a ransom demand and posted a statement on a data leak website detailing the types of information that had been stolen. The cybercriminal gang also reportedly published data belonging to a CNU applicant and the 2022 W-2 statements of the college’s top executives, the filing adds.
The lawsuit notes that the university has “provided no public information on the ransom demand or payment.”
The suit claims that the data breach stemmed from CNU’s inadequate cybersecurity protocols, which, according to the case, left the stored information vulnerable to unauthorized disclosure.
Furthermore, the complaint condemns the college’s allegedly delayed notification of data breach victims. As the filing tells it, CNU waited until late December 2023 to distribute notice letters to impacted individuals, more than 10 months after the incident purportedly occurred.
The case charges that this delay unfairly deprived victims of the opportunity to take prompt action to mitigate the consequences of the theft of their personal data.
The lawsuit looks to represent anyone in the United States whose private information was compromised in the California Northstate University data breach, including those who received notice of the incident.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.