Class-action suit filed against UH over data breaches
Gene Park reports:
The University of Hawaii is now the target of a class-action lawsuit filed today, as a result of recent data breaches.
The main plaintiff in the case, Philippe Gross, was a student at the Manoa campus from 1990 through 1998. He said four other names have been attached to his social security number, and that his credit card has been used in Georgia.
Since 2005, the University of Hawaii has been responsible for 259,000 private records being released. In the latest instance, the personal information of more than 40,000 students were uploaded to the Internet by a faculty member at the UH-West Oahu campus.
The lawsuit alleges that Gross was affected by that breach, as well as a June 2009 breach that affected everyone who had done business at the Manoa campus parking office.
Read more on Star Advertiser.
Given how other data breach lawsuits have played out, I wonder what the attorney really thinks he can get — maybe credit monitoring for everyone? I don’t see anything more coming out of this unless the lead plaintiff can show that the ID theft he experienced is a result of the breach(es) and given how many ways his identity info could have been obtained, I don’t think that will be easy. If data from the breach(es) were being misused, you wouldn’t expect to have just one or a few complaints. But if he can demonstrate a connection to the breach, then UH would probably offer to settle by helping him restore his credit, etc. In any event, I don’t see where anyone other than the lawyers get much out of this breach other than maybe credit monitoring. What do you think?