Hope College, a private four-year Christian liberal arts school in Holland, Michigan, is facing its second class-action lawsuit over a cybersecurity threat in September that may have compromised confidential information belonging to more than 155,000 people.
The first lawsuit was filed on Monday, Dec. 26, according to the Holland Sentinel. The second was filed just a day later in the U.S. District Court for the Western District of Michigan.
According to the second lawsuit, three counts have been brought forth against the college: negligence, unjust enrichment and breach of implied contract.
The plaintiffs are asking for compensation that “exceeds the sum or value of” $5 million, similar to the first lawsuit.
“Unfortunately, data security incidents have become far more prevalent in recent times, and more and more educational institutions have been targeted by cybercriminals,” the college said in a statement. “Hope College took great care to conduct a complete and thorough investigation, which required time to properly analyze and secure our systems, identify potentially impacted individuals and prepare resources to help our community protect its information. Additionally, we have reported this matter to federal law enforcement and are cooperating with their investigation.”
However, the plaintiffs argue that personal data was breached “due to Hope College’s negligent and or careless acts and omissions and due to its utter failure to protect.” The lawsuit also argues that potentially impacted individuals should have been notified sooner. Instead, their timing “allowed their injuries to fester and the damage to spread.”
Hope College first reported the data breach on or around Sept. 27, the Holland Sentinel reports. Upon investigation, it was revealed that Social Security numbers, driver’s license numbers, student ID numbers, birth dates, and first and last names had been compromised.
Impacted individuals were notified “as quickly as possible,” according to the college by U.S. mail. They also claim that there is “no evidence” of misuse of the compromised data and they will continue to provide “complimentary credit monitoring services” to those who may have been affected by the threat.