After massive data breach, local college agrees with AG to pay $3.5 million to revamp security

September 22, 2023 Rob Abruzzese

Attorney General Letitia James, who has recently demanded answers from social media platforms regarding the spread of hateful content following terrorist attacks in Israel.
AP file photo

Share this:

In an era where technology and data have become woven into the fabric of our lives, concerns about digital security are paramount. The rapid pace of technological advancements, while having many benefits, has also exposed countless individuals to potential breaches of their personal data.

This increasing vulnerability prompts the need for robust digital protection measures, especially within institutions that handle large amounts of sensitive personal data.

Marymount Manhattan College (MMC), a renowned nonprofit liberal arts college in New York City, became the latest addition to a growing list of institutions that have faced cyberattacks.

In 2021, nearly 100,000 New Yorkers connected to MMC saw their personal data compromised, from bank and credit card details to medical information. An oversight in their data security allowed a hacker to not only access but also ransom this trove of personal information.

While the immediate crisis was addressed with the payment of the ransom and the subsequent deletion of the stolen data, this event opened a broader discussion on the state of data security within organizations, both corporate and academic.

New York Attorney General Letitia James took a firm stance on this issue, resulting in an agreement with MMC that mandated an investment of $3.5 million toward bolstering its data encryption and security measures. The agreement came after a comprehensive review by the Office of the Attorney General (OAG) revealed the college’s systemic failures in updating and maintaining its security infrastructure.

Attorney General James’ consistent efforts in this realm signal an unmistakable trend — the urgency to safeguard New Yorkers’ personal data. The MMC case is not isolated. Recently, several companies, including Sports Warehouse, a medical management firm, student apparel maker Herff Jones, SHEIN and Zoetop and even retailer Wegmans, faced scrutiny and subsequent penalties for their lapses in data security.

These actions by Attorney General James underscore her office’s commitment to ensuring that entities, whether they are academic institutions or corporations, prioritize the protection of their stakeholders’ data. The comprehensive data security guide released in April, alongside consumer alerts and other proactive measures, further solidifies this commitment, according to the AG’s Office..

In the MMC case, for instance, measures like maintaining an up-to-date security program, encrypting all personal data, enabling multi-factor authentication and transparency in data collection and deletion practices, have been emphasized. Such standards set a precedent for other institutions, urging them to preemptively strengthen their data protection measures or face significant consequences.