Nov 282013
 

Mary Beth Faller reports some interesting details about the Maricopa Community Colleges breach noted previously on this blog:

The Maricopa County Community College District waited seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in an April security breach.

[…]

The FBI notified the district on April 29 that it found a website advertising personal data from the district’s information-technology system for sale, Gariepy said. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex,” he said. “They had to look at a number of different systems and servers and databases.

“It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive.”

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable, he said.

Read more on azcentral.com.

  14 Responses to “Maricopa Colleges waited 7 months to notify 2.4 million students of data breach”

  1. After all of the data was stolen, they “didn’t want to publicize that it could be vulnerable?”

  2. If anyone is interested in opening a class action law suit my data was put in danger as well email at davythecameraman@gmail.com

    • Count me in on a class-action law suit: robvettor@hotmail.com

      That they maintain sensitive data on unsecure servers is negligent. That they do not notify you of the breach for 8 months is reckless.

      Want your data purged? Try calling them and asking. They flat-out refuse to do so — even when you never attended the school.

      Then, they downplay it, saying, well, err, we’re really not sure that there is a problem. While setting up a call center and allocating $14 million dollars to cover the problem.

      .

      • How is it that they have the data of people who never attended the school?

        • This is exactly what I’ve tried to find out. Kroll/ID Integrity does NOT have this information about database sources despite Maricopa stating that they could provide that info.

          Likewise, the school refuses to provide it… unless I give their random call center associate MY MOTHER’S DOB AND SOCIAL SECURITY NUMBER, in addition to my own. Which, NO FREAKING WAY.

          I’ve never attended Maricopa CC, but applied to Arizona State in 2004-ish (again, never attended). I’m thinking this is a case of information sharing… and I want to know WHY (any why MCC won’t release how they received information from others who were never students).

          Please include me in any updates.

      • plz Include me in class action suit as well walturner3rd@gmail

        I received my letter yesterday and googled it to see if it was a scam. I live in MN and have never even applied to MCC so I have no idea how they even got my information.

    • Got my letter a week or so ago, just now had time to sit down & find out if it was legit, thank you google for leading me to this thread. Count me in on the class action suit! kristina_kitzmiller88@yahoo.com

    • I have attended several of the Colleges of MCC but have not attended in at least 6 years.
      As I understand that MCC claims that Az Law requires them to keep the records, Az law probably does not specify the format of such records.
      Therefore an offline archive would have been more appropriate.
      Count me in on the class action. jdawiz@hotmail.com

  3. Please include me in the class action law suit; email me at deep.midnight@gmail.com. My information was exposed and I now have 2 incidents of probable ID theft within the past 2 months.

  4. As far as I know I’ve never been affiliated in any way with the community college system in AZ. I did attend Devry in Phoenix in the 89,90. So how is it they have any information about me?

    I haven’t lived in AZ for 20 years! And is the “banking” info current or past? I’d really like to know what information they have about me and why.

    Include me in any class action da_kota@yahoo.com

    I certainly don’t trust a web site that immediately asks for personal information and looks like a fake site.

  5. Received my letter last week. plz include me in on any class action

  6. include me also they fucked me too got my letter the 11th of december 2013

  7. I sent a Certified, signature required, letter telling them to delete All my data from all databases. They said they will get to it as soon as the FBI has completed their investigation. I feel if anyone is unable to keep my information secure from theft, they are not entitled to keep that information. Period. I am also waiting for someone to open a Class Action. I also asked for a lifetime of credit monitoring since my SSN lasts a lifetime. If it was just CC info. it wouldn’t be that big of a deal, like Target. BUT when they let hackers get your SSN, that’s serious.

Sorry, the comment form is closed at this time.