Yale University Sued Over 2008 Data Breach

Yale University Sued Over 2008 Data Breach

In a letter to those affected by the 2008 data breach, Yale said the breach was discovered on June 16, 2018, during a security review of its servers. After the university discovered the breach, it notified those affected and offered credit monitoring services and identity theft prevention tips.

Two lawsuits have been filed in federal court against Yale University. Both lawsuits are claiming damages from a 2008 data breach at Yale, which was discovered earlier this year.

Between April 2008 and January 2009, intruders gained access to a Yale database and gathered names, Social Security numbers, dates of birth, email addresses, and in some cases, physical addresses.

In a letter to those affected by the data breach, Yale said the breach was discovered on June 16, 2018, during a security review of its servers. After the university discovered the breach, it notified those affected and offered credit monitoring services and identity theft prevention tips.

A class-action lawsuit filed this week on behalf of Andrew Mason of Virginia claims that Yale was negligent in its handling of student data and that the university was reckless and acted with “willful misconduct” as it “turned a blind eye to” possibilities of a prior data breach. It also claims that the university used unfair trade practices.

A federal lawsuit on behalf of Julie Mason of New York was filed in August. The lawsuit also claims negligence, willful misconduct, recklessness and unfair trade practices. In addition, it claims that Yale had still not notified everyone who was affected as of Aug. 1, six weeks after discovering the data breach.

The breach affected an estimated 119,000 Yale alumni, faculty and staff, according to the lawsuits. One of the lawsuits claims that the breach affected a far broader group of people than initially identified by Yale, and that Yale did not make people aware that this type of their personal data had been stored.

In its letter to those affected, Yale said that the university had deleted personal information from the affected database in 2011 as part of a data protection program, but had not detected the data breach at that time.

“Yale takes seriously the protection of personal information, and we continue to improve our electronic security and eliminate the unnecessary storage of such information,” the university’s statement to those affected read. “We very much regret this incident and the inconvenience to you.”

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus

Digital Edition

  • Security Today Magazine - April 2019

    April 2019

    Featuring:

    • An Iron Solution
    • Simplify, Automate and Modernize
    • Paving Safer Roads
    • Crime-busting Technology
    • Helping Those in Need

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety