A new article was recently published in Databreaches.net that calls for a congressional inquiry of the MCCCD security breach. The breach at MCCCD exposed the identity of 2.5+ million people for life. It could have been avoided as clearly shown in this timeline of events.
The MCCCD administration was warned multiple times by their employees and members of the community. They chose to ignore all warnings and scapegoat employees. Even at this juncture, MCCCD may still be at risk as disclosed in recent Governing Board minutes. If the 2011-2013 warnings were not enough, the MCCCD Administration and Governing Board still refuse to meet with employees and address remaining security issues presented to them as recently as April 2014.
Largest Security Breach in Education
In a recent development, the FTC has file a complaint against Wyndham Hotels for failure to protect consumer personal information. The MCCCD security breach is much larger than the Wyndham case and it goes to show that when it comes to consumer protection and privacy of information it does not matter whether an organization is private or public.
MCCCD is now dealing with a $6.25 billion class action lawsuit, the threat of potential bankruptcy, disgusted Board Members, future issues with bond ratings, employee attrition, drop in enrollment worth millions, stonewalling of the media, damage to its reputation in the community and millions of taxpayer dollars being wasted in lawyers. Whether education or private sector, a security breach is a security breach. If the FTC plans to hold those in private industry accountable, they should do the same in all industries.
Target’s CEO has become the first boss of a major corporation to lose his job over a breach of customer data, showing how responsibility for computer security now reaches right to the top. —- Associated Press
It’s a new era for boards to take a proactive role in understanding what the risks are. —- Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin.
The Target and MCCCD represent two contrasting approaches on how to handle a security breach. There are striking similarities on what took place and significant difference on how the companies handled the situation.
So far, the Target Board of Directors has looked at risks and taken action to protect their company. They have chosen transparency and a clean slate as they move forward. In contrast, the MCCCD Governing Board has taken no action. It has surrounded itself with lawyers. It is breaking several AZ laws according to current lawsuits, keeping the top of the organization intact, blaming employees and stonewalling everyone. Which company would you want to work for? Which company has a better chance to survive?
Here is what they have in common:
- They both had a CEO and CIO (Chancellor and Vice-Chancellor of IT) responsible for the organization
If one class action lawsuit for over $6 billion wasn’t enough, Hagen Berman Sobol Shapiro now joins G&K in filing a second class action lawsuit filed against Maricopa Community College District.
Number of clients represented: 2.5 million
Counts: Negligence, Breach of contract
Damages: TBD x 2.5 million people (Billions)
Our sources indicate that other lawsuits are in the process of being filed.
At this rate, the number of lawyers, depositions, lawsuits, records requests, loss in enrollment and other factors are likely to overwhelm the MCCCD Administration and distract it from its mission. The MCCCD Board seems complacent at this point.
A user in an online forum put it this way:
“Maricopa did far more than just have a breach. They had one in 2011 and failed to fix the problem, resulting in another breach in 2013 that they then took another 7 months to notify users about. The second breach affected 2.4 million users.
I am a class rep on this suit and have had my identity stolen as a result of this breach. My social security number will never be safe again and I will be dealing with the repercussions indefinitely. $2500 is chump change.
The lesson for all institutions is that how you handle a breach is incredibly important. By not dealing with it, covering it up and now trying to scapegoat it personnel, maricopa has hurt their credibility, angered people who would otherwise have been sympathetic and made the situation far worse”