University Breach Settlement Approved2 Years of Credit Monitoring Services Required
A court has granted final approval of the settlement of a class action lawsuit against University of Hawaii stemming from five data breaches over a three-year period that affected nearly 96,000 individuals.
The settlement will provide those affected with two years of free credit monitoring and credit restoration services, according to a statement from the university. The settlement affects students, faculty, alumni, university employees and others whose data was exposed in the five breaches from 2009 to 2011.
Lynne Waters, a University of Hawaii spokesperson, estimates the services will cost the university about $550,000.
First Circuit Judge Patrick Border granted final approval of the settlement on April 17. The university agreed to the settlement on Feb. 1, when it was granted preliminary approval [see: University Breach Lawsuit Settled].
Thomas Grande, one of the attorneys involved in filing the lawsuit, said: "Identity theft is an issue of intense concern. This settlement sets the standard for providing these services to future data breach victims."
A membership ID will be mailed to the victims, who have until May 1 to sign-up for the free services. Affected individuals must register at www.idintegrity.com with their membership ID.
The breaches occurred at UH Manoa, UH West Oahu, Kapiolani Community College and Honolulu Community College, which are all part of the university system.
The most recent of the five breaches, according to the university, occurred on July 1, 2011, when campus employees reported that boxes of paper files containing personal information were missing from a secured storage area. The information included in the files was necessary for processing payments for Kapiolani Community College business transactions, including some combination of name, address, phone number, Social Security number, and/or credit card information.
In the suit, filed in the U.S. District Court of Hawaii on Nov. 18, 2010, the plaintiffs referenced four other breaches, including one in October 2010 where names, Social Security numbers, dates of birth and other "extremely detailed" personal information on more than 40,000 alumni were posted on an insecure website for almost a year by a retired faculty member who had been conducting research.
In a June 2010 incident, a hacker penetrated an unsecured server storing names, Social Security numbers and credit card numbers for almost 54,000 students, guests and alumni. In a February 2010 breach, 35 names and credit card numbers were made mistakenly available on a public computer at the Pacific Aviation Training Center at Honolulu Community College. And in an April 2009 incident, a malware-infected server exposed more than 15,000 names and social security numbers of students who applied for financial aid at Kapiolani Community College, along with their parents' personal information, according to the lawsuit.