- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- 최형광 칼럼 | 2025 CES @혁신기술 리터러시
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
Student Sues Syracuse University Over Data Breach
A private university in New York State is being sued for negligence by one of its students over a data breach that may have exposed thousands of Social Security numbers.
Syracuse University (SU) suffered a data breach on September 25 last year after an employee fell victim to a phishing attack and clicked on a malicious link.
The compromised account was secured by September 28, but the security incident may have exposed the names and social security numbers of nearly 10,000 students, alumni and university applicants.
An investigation into the security incident, which finished on January 14, was reportedly unable to definitively state whether files containing names and security numbers had been accessed by an unauthorized third party.
In February, Syracuse University, which offers a Master’s in Cybersecurity, began contacting individuals affected by the data breach to warn them that their personal information may have been exposed.
Commenting on the breach, Steven Bennett, senior vice president for international programs and operations at SU, said in February: “This was a really regrettable event. I understand it’s quite upsetting to some people.”
He added: “We are looking to tighten up the management of any document that has personally identifiable information in it. That was something that, in the wake of this event, we realized we really needed to do, and that’s underway at the moment.”
On Thursday, one of the students who was impacted by the breach filed a class action lawsuit against SU in Onondaga Supreme Court. The plaintiff alleges that SU didn’t do enough to protect the personally identifiable information (PII) entrusted to its care.
He claims that inadequate staff cybersecurity training and deficient cybersecurity protocols at the educational establishment left sensitive data vulnerable to exposure. The lawsuit further alleges that SU increased the potential harm caused by the breach by waiting four months after the incident to inform impacted individuals.
The plaintiff decided to take legal action against the university after he discovered an unauthorized charge on his checking account in the wake of the breach.
In a statement to The Daily Orange, the SU’s senior associate vice president for university communications, Sarah Scalese, said that Syracuse University does not comment on pending litigation.