University of Rochester Hit with Class Action Over May 2023 Data Breach
Benton-Hill v. The University of Rochester
Filed: August 8, 2023 ◆§ 6:23-cv-06447
The University of Rochester has been hit with a class action over a May 2023 data breach that stemmed from the private research university’s allegedly deficient cybersecurity practices.
The University of Rochester has been hit with a proposed class action over a May 2023 data breach that stemmed from the private research university’s allegedly deficient cybersecurity practices.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the 43-page complaint, the New York school learned on July 19 of this year that an unauthorized individual had gained access to students’ data by hacking the MOVEit file-transfer application, a data transfer program the University of Rochester uses to transfer large data files between servers.
The lawsuit claims that the cyberattack, which occurred on May 27, 2023, has reportedly exposed more than 88,000 individuals’ private information, including, but not limited to, their Social Security numbers.
The case contends that the University of Rochester maintained students’ personal data in a “reckless manner” on a computer network that was left vulnerable to unauthorized intrusions. As the filing tells it, the defendant’s failure to employ reasonable data security measures to safeguard consumers’ information violates state and federal law.
Moreover, the university waited until July 28 to reveal the data breach to victims, who now face an “ongoing, imminent, and impending” threat of identity theft and other fraudulent uses of their personal information, the lawsuit argues. The complaint also stresses that those affected by the incident will be forced to pay out-of-pocket costs for protective measures such as credit monitoring and identity theft protection services.
“While news stories and public reporting have speculated on the mechanism of the data breach, Plaintiff and Class members have never been fully informed about the scope of the intrusion, the vulnerabilities exploited, the remediation required or the vulnerability of their data that remains in the possession of the Defendant,” the case says.
Given the substantial increase in cyberattacks in recent years, the University of Rochester “knew or should have known” that its cybersecurity obligations were “particularly important,” the suit charges.
The lawsuit looks to cover any United States residents whose private information was accessed or acquired during the data breach event announced by the University of Rochester.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.