Three lawsuits have been filed against Princeton over concerns about the handling and protection of personal data after the University disclosed a cybersecurity breach in November.
On Dec. 5, the Office of Information Technology (OIT) released a follow-up update concerning the cybersecurity breach that occurred earlier last month. The breach involved an individual accessing a University Advancement database, with information about students, faculty, alumni, and donors potentially at risk. The University confirmed there was no direct evidence any sensitive information, such as social security numbers, passwords, or credit card information, was leaked. Faculty and staff received additional information on how to avoid “phishing” attacks and maintain the security of University systems.
On Nov. 18, David Ramirez filed a lawsuit against the University in the U.S. District Court for the District of New Jersey, alleging that Princeton failed to implement security measures needed to keep affiliates safe.
The lawsuit claims that stolen information was a “gold mine,” claiming negligence and breach of contract. Ramirez seeks an outcome for himself and a class of about 100,000, with compensation for monetary damages, injunctive relief, and the disgorgement of profits being the goals of the suit.
On the same day, Henggao Cai filed a suit against the University, followed by a third by Gary Penna on Nov. 24.
An order by Judge Robert Kirsch on Dec. 9 consolidated the three cases into a single master lawsuit. An official leadership structure has been created, with Cai and Penna’s suits falling as member cases under the lead case, Ramirez v. Princeton University.
The law firms representing the individuals did not respond to multiple requests for comment.
University spokesperson Jennifer Morrill wrote to The Daily Princetonian that the University “believes these claims are without merit, and we plan to contest them vigorously.”
The breach comes as multiple universities across the Ivy League have reported various cybersecurity incidents in the past few months.
In late November, Harvard released a report that a similar phone-based phishing attack allowed an unauthorized party to access systems used by its Alumni Affairs and Development Office. The breach was quickly contained and did not include passwords or financial information, according to Klara Jelinkova, Harvard University vice president and University chief information officer. However, it has led to one class-action suit, which has yet to be resolved.
The University of Pennsylvania experienced a breach in late October, where attackers not only accessed but also released large volumes of personally identifiable information, including bank transaction data as well as internal University documents. This incident has led to eight lawsuits filed against UPenn.
Dartmouth College also disclosed a cybersecurity incident this fall that occurred over the summer, with attackers exploiting a vulnerability in Oracle software. The breach exposed sensitive data, including Social Security numbers, financial account information, and more. While no specific lawsuits have been filed yet, Lynch Carpenter, LLP is investigating claims against Dartmouth, as of the beginning of the month.
Over the summer, Columbia University faced an IT disruption lasting multiple days that was caused by a cyberattack. The incident affected nearly 870,000 servers, including both applicants to the University and affiliated individuals, with sensitive data such as citizenship information and Social Security numbers breached. A class-action lawsuit related to this breach was settled in September, with the Columbia University Irving Medical Center awarding the plaintiffs $600,000.
The University believes that the Nov. 10 incident was unrelated to the other recent occurrences, according to OIT.
Shaun Karani is a News contributor for the ‘Prince.’ He is from New York City.
Please send any corrections to correcctions[at]dailyprincetonian.com.
Read More
Israeli consulate visits Princeton to discuss experience of Jewish students, follows Tsurkov release
Luke GrippoFor the first time since the 2024 “Gaza Solidarity Encampment” at Princeton, Yuval Donio Gideon, head of the Public Policy Department of the Consulate General of Israel in New York, met with University administrators and campus rabbis to discuss the experience of Israeli and Jewish students on campus.
For the first time since the 2024 “Gaza Solidarity Encampment” at Princeton, Yuval Donio Gideon, head of the Public Policy Department of the Consulate General of Israel in New York, met with University administrators and campus rabbis to discuss the experience of Israeli and Jewish students on campus.
Trump administration announces new travel, visa restrictions in last days of semester
Luke GrippoNew travel restrictions announced by the Trump administration could impact international students returning to campus after break.
New travel restrictions announced by the Trump administration could impact international students returning to campus after break.
Professor Dan-el Padilla Peralta, champion of anti-racism in classics, to leave Princeton in August
Clara DochertyPadilla Peralta will enter a teaching position at Arizona State University in order to pursue an interest in public service.
Padilla Peralta will enter a teaching position at Arizona State University in order to pursue an interest in public service.