Maricopa Colleges waited 7 months to notify 2.4 million students of data breach

Mary Beth Faller reports some interesting details about the Maricopa Community Colleges breach noted previously on this blog:

The Maricopa County Community College District waited seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in an April security breach.


The FBI notified the district on April 29 that it found a website advertising personal data from the district’s information-technology system for sale, Gariepy said. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex,” he said. “They had to look at a number of different systems and servers and databases.

“It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive.”

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable, he said.


About the author: Dissent