BREAKING: Princeton University is under fire as two proposed class-action lawsuits accuse the institution of failing to safeguard personal data, potentially putting over 100,000 individuals at risk of identity theft. The lawsuits, filed in the U.S. District Court for New Jersey, allege that a phishing scam on November 10, 2023, exposed sensitive information due to inadequate cybersecurity measures.
The plaintiffs assert that the breach allowed hackers to penetrate the university’s Advancement database, which contains biographical information related to fundraising and alumni activities. David Ramirez, one of the plaintiffs, claims that the compromised data includes “names, email addresses, telephone numbers, home and business addresses, and information concerning fundraising activities and donations made to Princeton.”
“Cybercriminals have accessed everything they need to commit identity theft and wreak havoc on the personal lives of thousands,” stated Ramirez’s attorney, Leanna A. Loginov. The second lawsuit was filed the same day by Henggao Cai, who criticized the university’s decision to store such vast amounts of personal data in a single location. According to the complaint, this oversight increases vulnerability to targeted attacks.
In response to the escalating situation, Princeton University’s spokesperson, Jennifer Morrill, announced, “We believe these claims are without merit, and we plan to contest them vigorously.” The university maintains that the database does not include passwords, Social Security numbers, credit card information, or bank account records.
Princeton described the incident as stemming from a phone phishing attack, targeting an employee with access to the Advancement database. The breach began midday on November 10 and was contained within 24 hours. However, the university has not disclosed if any arrests have been made or if the attackers are linked to other cyber incidents at universities.
The university’s database includes information on all alumni, former students, their spouses, university donors, and parents of current and former students. Princeton has warned that anyone within these categories should assume their information may have been compromised.
Authorities have yet to determine the extent of the data breach, which could take several weeks. With concerns mounting, this incident raises critical questions about cybersecurity practices at educational institutions and the potential fallout for those affected.
As legal proceedings develop, the university’s response and the implications for the affected individuals will be closely monitored. Stay tuned for updates on this urgent situation as it unfolds.
