Info@NationalCyberSecurity
Info@NationalCyberSecurity

Federal lawsuit blames Whitworth University for ransomware attack last summer, loss of data | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


A Whitworth University student is asking a federal judge to approve a class action against the school for damages stemming from a ransomware attack discovered in July 2022 that affected more than 65,500 people.

The lawsuit, filed Thursday in U.S. District Court in Spokane, alleges Whitworth was negligent in allowing a still-unidentified attacker to access health, financial and personal data of past and present students, staff and faculty. It was filed by Patrick Loyola, identified in court documents as a student at the time of the attack The university initially reported the incident as a “sophisticated security issue” in August before informing the Washington attorney general’s office in October that a ransomware attack had occurred.

The federal lawsuit cites a recent report to the attorney general’s office in Maine, which has data breach reporting laws similar to those in Washington. In that April filing, Whitworth acknowledged the number of affected people was 65,593, a number confirmed by a university spokeswoman on Friday.

Whitworth began notifying affected people in October that their names, student ID numbers, state ID numbers, passport numbers, Social Security number and health insurance information may have been compromised. The university finished searching for affected Washingtonians and residents of other states in March, according to the school. That led to the final number of 65,593 affected people, including 36,564 Washington residents, who were notified by letter in April.

The Washington Attorney General’s Office reported that 4.5 million Washingtonians were the victims of cyberattacks in 2022, down from 6.5 million in 2021. Many of those affected in last year’s report were part of a massive data attack on the wireless carrier T-Mobile. The company eventually settled a class action in that case for $350 million.

Loyola’s lawsuit says Whitworth should have done more to prevent a ransomware attack, a method of online extortion in which a hacker gains access to information then demands payment to prevent it from being released or to return control of the data back to its owners. The lawsuit also claims that Whitworth’s offer of free credit monitoring services “does not adequately address the lifelong harm that victims will face following the data breach.”

Whitworth University said Friday it had not yet received a copy of the lawsuit, and could not confirm whether Loyola is a current or former student at the school. A phone and email message left with Loyola’s Wisconsin-based attorney was not immediately returned Friday.

The lawsuit seeks damages in excess of $5 million. The case has been assigned to U.S. District Court Chief Judge Stanley Bastian. No court dates had been scheduled as of Friday.

——————————————————–


Click Here For The Original Source.

National Cyber Security

FREE
VIEW