Mass. Community College Sued in Class Action After December Data Breach

result of the community college’s failure to implement reasonable security protections, hackers compromised its network and accessed “thousands” of student files with sensitive PII, alleged the complaint. From Dec. 14 to Dec. 23, unauthorized actors accessed Bristol’s network, a breach the community college didn’t detect until April 10, said the complaint. It didn’t notify affected individuals until about May 10. Due to the school’s failures to protect their data, class members face the “real, immediate, and likely danger of identity theft and misuse of their PII,” said the complaint. Plaintiffs Robert Alexander, Fall River, Massachusetts; Michael Clancy and Mario Canario, both Warren, Rhode Island; and David Vito, Warwick, Rhode Island, received letters in May informing them an unauthorized actor had exfiltrated their PII and Social Security numbers. Alexander, a student at Bristol Community College 1996-1997, was the victim of financial fraud in April when unauthorized users accessed his bank account on three occasions and withdrew $250 from his account, said the complaint. The other three plaintiffs have made reasonable efforts to mitigate the impact of the data breach, including reviewing credit reports and financial account statements for indications of attempted identity theft or fraud. Plaintiffs assert claims of negligence, breach of contract, bailment, violation of Massachusetts’ Security Breach Law, state data breach and consumer protection statutes, intrusion upon seclusion and unjust enrichment. They seek compensatory, consequential, statutory, punitive and general damages, plus attorneys’ fees and legal costs.