On August 3, 2022, Marymount Manhattan College reported a data breach with several state attorney generals’ offices. According to MMC, the breach resulted in the names, Social Security numbers, driver’s license numbers, financial account information, medical information and health insurance information of certain individuals being compromised. After confirming the breach and identifying all affected parties, Marymount Manhattan College began sending out data breach letters to those whose information was leaked in the recent incident.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Marymount Manhattan College data breach, please see our recent piece on the topic here.
What We Know About the Marymount Manhattan College Data Breach
The information about the Marymount Manhattan College data breach comes from several documents the school filed with various state attorney generals’ offices. According to these sources, on November 12, 2021, Marymount Manhattan College experienced a “network disruption.” While the school did not clarify what it meant by this statement, it was apparently serious enough to prompt the school to engage the assistance of cybersecurity professionals to conduct an investigation into the incident.
The investigation revealed that an unauthorized party was able to gain access to certain files contained on the Marymount Manhattan College network. The evidence also suggested that the hacker removed some of these files, which were later determined to contain sensitive information belonging to thousands of individuals.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Marymount Manhattan College began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, financial account information, medical information and health insurance information.
On August 3, 2022, Marymount Manhattan College sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Marymount Manhattan College
Founded in 1936, Marymount Manhattan College is a private college on the Upper East Side of Manhattan in New York City. The school offers more than 40 majors and 32 minors, including accounting, acting, art, art history, biology, business, costume design, creative writing, dance, economics, entrepreneurship, finance, international studies, law and ethics, music, and photography. Marymount Manhattan College currently has a student body consisting of approximately 1,500 students. Marymount Manhattan College employs more than 1,548 people and generates approximately $85 million in annual revenue.
Can Students and Faculty Pursue a Legal Claim Against a School Following a Data Breach?
Yes, schools and colleges, like businesses, non-profits, and government entities, can be financially responsible for the harms a victim suffers after a data breach. However, a college is not automatically liable for a data breach just because a hacker breached its system and stole student or faculty data; the breach must be a result of the school’s negligence in order for it to be legally responsible. Additionally, affected students or faculty must prove that the school’s negligence was the cause of or a contributing factor to the breach.
In most cases, college data breaches are the result of cybercriminals specifically targeting a school. These hackers employ sophisticated scams and cyberattacks to carry out the breach in hopes of stealing student or faculty data that they can either use to commit fraud themselves or sell to others on the dark web. However, schools that are up-to-date on all data privacy issues and maintain strong data security systems are usually able to stop most breaches.
There are a few ways a school or university can be negligent when it comes to a data breach. For example, if college employees are careless in how they store student data, such as by failing to encrypt files containing sensitive student information, it may result in a school being liable for the breach. Similarly, if an employee of the college responds to an email phishing attack, either by providing their login credentials or student information or by clicking on a malicious link that enables the hacker to access the school’s network, the school may also be liable.
Of course, these are just a few of the ways that a college may be liable for a data breach. Unfortunately, it can be very difficult for students and faculty to know what led to a data breach, which can make it challenging to determine whether they have a claim. Data breach lawyers can assist students, faculty or others who believe their information may have been leaked as a result of a university data breach.