WSU Data Breach: Settles 4.7M Lawsuit! The stolen hard disk affected approximately 1.2 million people with both personal and health records in it.
23 April 2019 — The Washington State University agreed to settle a 4.7 million dollar class action suit arising from 2017 infringements on personal and health records on certain compact hard drives.
The stealing of portable hard disks from its storage facility in Olympia, Washington, reported to WSU officials in April 2017. Data from the WSU Social and Economic Science Research Center used on their hard disks with around 1.2 million individuals. They did not encrypt the data.
The stolen hard disk affected approximately 1.2 million people. It was from a warehouse in April 2017 where both personal and health records were stored by the WSU research department.
Class action complaint
Shortly afterward the plaintiffs of this privacy infringement filed a class action complaint. They all discovered that WSU had gathered their data. Further, they also argued that the handling of WSU in an unsecured public storage facility was neglectful.
They stated that WSU’s safety was lax. Provided regulating the research center to create a semantic backup of research results then stored on hard drives. They swapped the equipment weekly. However, housed in a self-storage facility without surveillance cameras.
Many victims believed that identity fraud offenses. Further, others who compromised their information argued that they had to purchase credit surveillance systems to track identity theft. WSU countered that it was difficult to tie the identity fraud to the WSU hack. Hence, considering the amount of recent data breaches around the world.
Cash settlement?
In respect of any out-of-pocket charges incurred, such as credit surveillance services or credit reports, they may entitle victims to a reimbursement of up to $5,000 in cash under the settlement.
The sum of the lawsuits “outstanding $3.25 million,” however is pro rata limited. Claimants will have a right to two years’ free protection and credit control, administrative costs settlement, lawyer’s fees and other infringement-related expenditures.
The WSU cyber liability policy and state insurance plans make up a substantial portion of settlement accounts.
Terms agreed
WSU decided also to delete all the archived data on the initiative alluded to in the violation case. And according to the complaint, They will move all remaining study data to a safer venue. The WSU would also perform risk management and audit. Further, follow through with the strategy, processes, preparation, and equipment needed.
Furthermore, WSU will end violation of the IT contracts for the research project, moving those project obligations to its IT research office.
“The university agreed that the ongoing litigation would be even more costly and time-consuming while the Washington State University disputes the complaints filed in the case,” said WSU spokesman Phil Weiler in his speech to the local news service The Spokesman-Review.
More terms
“As a result, WSU agreed to include additional credit monitoring and insurance services to applicants, as well as pay for lost time in connection with the theft and documented over-the-counter costs,” he said.
The WSU is only the most recent agency to resolve class actions against victims of privacy infringements. UCLA Health most recently filed a complaint against the network for $7.5 million with the 4.5 million victims of data breaches.
Public Health Services resolved a three-month data breach caused by a ransomware attack in February affecting 4.5 million people.