Nov 282013

Mary Beth Faller reports some interesting details about the Maricopa Community Colleges breach noted previously on this blog:

The Maricopa County Community College District waited seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in an April security breach.


The FBI notified the district on April 29 that it found a website advertising personal data from the district’s information-technology system for sale, Gariepy said. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex,” he said. “They had to look at a number of different systems and servers and databases.

“It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive.”

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable, he said.


  14 Responses to “Maricopa Colleges waited 7 months to notify 2.4 million students of data breach”

  1. After all of the data was stolen, they “didn’t want to publicize that it could be vulnerable?”

  2. As far as I know I’ve never been affiliated in any way with the community college system in AZ. I did attend Devry in Phoenix in the 89,90. So how is it they have any information about me?

    I haven’t lived in AZ for 20 years! And is the “banking” info current or past? I’d really like to know what information they have about me and why.

    Include me in any class action [email protected]

    I certainly don’t trust a web site that immediately asks for personal information and looks like a fake site.

  3. Received my letter last week. plz include me in on any class action

  4. include me also they fucked me too got my letter the 11th of december 2013

  5. I sent a Certified, signature required, letter telling them to delete All my data from all databases. They said they will get to it as soon as the FBI has completed their investigation. I feel if anyone is unable to keep my information secure from theft, they are not entitled to keep that information. Period. I am also waiting for someone to open a Class Action. I also asked for a lifetime of credit monitoring since my SSN lasts a lifetime. If it was just CC info. it wouldn’t be that big of a deal, like Target. BUT when they let hackers get your SSN, that’s serious.

Sorry, the comment form is closed at this time.