[ISN] Ohio University Sued As Result Of Data Theft

InfoSec News isn at c4i.org
Wed Jun 28 01:13:20 EDT 2006


June 27, 2006

ATHENS, Ohio -- Two graduate students have filed lawsuits against Ohio
University due to recent data thefts from school computers.

Donald Jay Kulpa, 31, of Cincinnati, and Kenneth Neben, 34, formerly
of Columbus and now living in New Jersey, sued OU, claiming their
privacy had been violated. Kulpa and Neben are two of possibly 173,000
students, employees, or faculty whose Social Security numbers were
stolen in five separate instances since March 2005.

Of the 173,000 people, about 367,000 files containing personal
information such as Social Security numbers, names, medical records,
and home addresses were breached.

The lawsuit was filed Friday in the Ohio Court of Claims in Columbus.  
On the same day, OU made a decision to spend $4 million to heighten
computer security on campus.
The lawsuit asks a judge to order the school to compensate for any
financial loss as a result of identity thefts linked to security
breaches at OU. They also want the school to pay for credit monitoring
services for anybody whose personal information may have been

Kulpa and Neben's lawsuit seeks class-action status to represent
anyone affected, including students, faculty, and employees.

John Burns, OU's legal affairs director, said he expected a lawsuit
but not one that reached class-action status.

"We'll review it and we'll defend it," Burns said.

Mark Mezibov, a Cincinnati lawyer representing Kulpa and Neben, said
the university was negligent and indifferent in failing to protect
personal information

A recent consultants' report concluded that OU's Computer and Network
Services division considered security as a low priority for the past
decade. However, the division had an annual budget of about $11
million and recent annual surpluses averaging $1.4 million.

Last week, OU suspended the director of Computer and Network Services
and the Internet and systems manager, pending an investigation
regarding the security breaches.

On April 21, the university announced it had discovered a security
breach at its training center for fledgling businesses. Since the
incident, breaches have been reported at the alumni office, health
center, and the department that handles records for businesses the
university hires.

Copyright 2006 by ChannelCincinnati.com. 
The Associated Press contributed to this report. 

More information about the ISN mailing list