Wichita State University is facing a new lawsuit for a data breach in December that potentially compromised the personal data of thousands of former and current faculty, staff and students.
Michael Bahnmaier of Wichita filed the lawsuit in federal court May 14, alleging WSU “negligently failed” to safeguard sensitive information, “misplaced” the trust of its stakeholders and didn’t provide timely notice to those impacted by the breach. The class action suit seeks a jury trial and monetary damages.
“Because of the Breach, [those impacted] have suffered damages and are at imminent risk of serious and crippling identity theft,” the lawsuit states.
WSU said it “[does] not believe the lawsuit has merit” in an emailed statement to The Sunflower Wednesday morning.
In December 2019, WSU notified the campus community that someone had gained unauthorized access to a web portal server containing the information of current and former stakeholders. The university said it immediately secured the server and “engaged a leading computer forensic firm” to investigate the incident’s impact and scope.
After completing a “comprehensive review” on Jan. 13, WSU determined a historical database on the server contained stakeholders’ names, email addresses, birth dates and social security numbers, the university said in a March 6 letter to those whose information was impacted.
The lawsuit alleges the university prevented victims from taking early steps to mitigate harm by waiting nearly two months to notify those who were impacted. The suit also calls the incident “preventable” and accuses the university of not doing enough to amp up security before it happened.
“Forget about the gold standard of security. This isn’t even the bronze,” Bahnmaier’s attorney, Bill Federman of Oklahoma City-based firm Federman and Sherwood, told The Wichita Eagle.
In the emailed statement, WSU said it recently learned about the lawsuit and is “fully evaluating the legal claims and causes of action.”
WSU said it “has no indication at this time that personal information was misused.” Still, the university offered 12 months of identity theft protection through ID Experts at no charge to anyone impacted.
The university also said it is taking steps to enhance security protocols and train staffers to be prepared for cybersecurity incidents.