Lawyers petitioned a district court on Monday to consolidate a series of class-action lawsuits filed against Penn following an Oct. 31 data breach.
The Nov. 17 filing seeks to combine more than a dozen suits filed in the two weeks since the cybersecurity attack, all of which alleged Penn did not take sufficient steps to protect confidential data. The consolidated class-action case would assume the name of the first plaintiff, 2014 College graduate Christopher Kelly, and include all other “similarly situated individuals.”
A University spokesperson declined to comment on ongoing litigation.
Kelly’s initial filing claimed that Penn was negligent in several areas, including failing to “maintain an adequate data security system to reduce the risk of data breaches and cyber-attacks,” “properly monitor its own data security systems for existing intrusions,” and “ensure that its vendors with access to its computer systems and data employed reasonable security procedures.”
The individual class-action suits also argued that the breach appears to be more damaging than the University has acknowledged.
On Nov. 14, Penn stated that the amount of data obtained by hackers in the breach — previously claimed by the hackers to be 1.2 million — was “mischaracterized” and “overstate[d].” At the time of publication, the University's “Cybersecurity incident information and FAQ” webpage on the incident states that Penn cannot provide a precise number of people impacted amid an ongoing internal investigation.
In a recent update, Penn added that the University will “notify any individuals with impacted personal information” once the investigation is complete — a process the page stated will “take time.”
The lawsuits came after a series of mass emails on Oct. 31 were sent to the Penn community from multiple University-affiliated addresses. The emails contained criticism of the University’s security practices and institutional purpose, and included profane language.
RELATED:
Penn GSE Dean Katharine Strunk discusses research, training collaboration with Phila. public schools
Penn GSE receives $1 million donation from Google to expand AI in education initiative
“All of the emails are incredibly offensive and in no way reflective of Penn or Penn Graduate School of Education’s mission or values," a message to the Penn community following the original incident read. "We sincerely apologize for the harm this has caused and is causing."
RELATED:
Penn GSE Dean Katharine Strunk discusses research, training collaboration with Phila. public schools
Penn GSE receives $1 million donation from Google to expand AI in education initiative
Senior reporter Arti Jain covers state and local politics and can be reached at jain@thedp.com. At Penn, she studies economics and political science. Follow her on X @arti_jain_.
