Privacy advocate files complaint with FTC over Maricopa County Community College District data breach
A formal complaint has been filed with the FTC against MCCCD regarding the 2011 and 2013 security breach. The complaint alleges violation of the Safeguard Rules.
Security breaches like the one at Wyndham hotels have been under scrutiny by the FTC for the company’s failure to protect the personal and financial information they collect. The FTC is yet to enforce the Safeguard Rules in an educational institution, however, the number and size of these breaches often surpass that of other industries. Institutions like MCCCD (the largest community college district in the nation) receive million of dollars in Financial Aid and collect personal and financial information for over a quarter of a million individuals every year. This is the same kind of personal and financial information that companies in the private sector collect. Negligence and failure to protect personal information has been cited multiple times in the class action lawsuits that have been recently filed against MCCCD. In a recent article titled ‘the year of living dangerously‘, the author clearly outlines what’s at stake if breaches like these go unanswered by the FTC. Organizations like Target Corp that understand the implications of inadequate security have held those at the very top responsible for massive financial loses and the consequences that follow a security breach. It goes without saying that if the FTC deems it necessary to investigate a breach of 500K individuals, such as the incident at Wyndham, an investigation of a security breach involving 2.5 million people at Maricopa Community Colleges is almost mandatory.
A new article was recently published in Databreaches.net that calls for a congressional inquiry of the MCCCD security breach. The breach at MCCCD exposed the identity of 2.5+ million people for life. It could have been avoided as clearly shown in this timeline of events.
The MCCCD administration was warned multiple times by their employees and members of the community. They chose to ignore all warnings and scapegoat employees. Even at this juncture, MCCCD may still be at risk as disclosed in recent Governing Board minutes. If the 2011-2013 warnings were not enough, the MCCCD Administration and Governing Board still refuse to meet with employees and address remaining security issues presented to them as recently as April 2014.
Largest Security Breach in Education
In a recent development, the FTC has file a complaint against Wyndham Hotels for failure to protect consumer personal information. The MCCCD security breach is much larger than the Wyndham case and it goes to show that when it comes to consumer protection and privacy of information it does not matter whether an organization is private or public.
MCCCD is now dealing with a $6.25 billion class action lawsuit, the threat of potential bankruptcy, disgusted Board Members, future issues with bond ratings, employee attrition, drop in enrollment worth millions, stonewalling of the media, damage to its reputation in the community and millions of taxpayer dollars being wasted in lawyers. Whether education or private sector, a security breach is a security breach. If the FTC plans to hold those in private industry accountable, they should do the same in all industries.