The breach notice filed with the Maine attorney general included the sample letter sent to those affected, which stated: "Mercer University takes the security of our computer systems very seriously. Wang's complaint also alleges that "according to postings on the dark web" where the Akira gang allegedly posted the defendants' private information, the miscreants "stated that Mercer University had refused to pay the ransom." It declined to comment on pending litigation. The Register noticed Mercer filed the data breach notice with the Maine state attorney general, under a law which only applies to personal data that is not encrypted, but not wanting to take this at face value, we asked the institution whether it had any encryption in place. Data loss costs are going up – and not just for those who choose to pay thieves.T-Mobile US suffers second data theft within months.Criminals spent 10 days in US dental insurer's systems extracting data of 9 million.US veterans' data exposed after burglary.The University has found no evidence that personal financial information was removed." Mercer released a statement on May 9 saying: "Although the University has taken extensive measures to protect the privacy of its information, some data – Social Security numbers and driver's license numbers – were removed from its systems without authorization. The complaint states: "Mercer University had far too much confidential unencrypted information held on its systems." Wang's lawsuit, meanwhile, specifically calls out the uni for allegedly not putting into place basic network segmentation or encrypting the confidential information that was leaked. Kilkus, however, says in her complaint that "if Mercer had exercised reasonable diligence in its investigation, it would have learned far sooner" that the personally identifiable information (PII) had been exposed."Īll of the lawsuits allege negligence, claiming little care was taken to protect the plaintiffs' PII, with Doe's suit alleging: "Not until over a month after it claims to have discovered the data breach did defendant begin sending the notice to persons whose PII and/or financial information defendant confirmed was potentially compromised as a result of the data breach." Data including name and "other personal identifiers" in combination with driver's licenses and Social Security numbers (SSNs) was nicked. The breach notice said the attack took place over February 12-24 and was only discovered on April 30.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |