Sunday, August 14, 2011
Attorneys report on negotiations that could lead to credit monitoring for UH data breach victims
by Larry Geller
The news that a new data security breach has occurred within the UH system broke yesterday largely in newsprint only, since the Star-Advertiser deleted itself from Google and other internet search engines. The front-page story began:
Nearly 2,000 current and former students at Kapiolani Community College were sent letters this week warning that they could be at risk for identity theft after the recent disappearance of three boxes of documents containing private personal information including identification and credit card numbers.
Officials said that on July 1 they learned that the boxes were missing from "a secured storage area" on the Kaimuki campus that UH officials would not identify.
[Star-Advertiser, Students at risk of ID theft, 8/13/2011]
The Star-Advertiser story follows coverage Friday night on KITV.
It appears that although the boxes were discovered missing on July 1, KCC waited until July 8 to call police. and waited again until last week to make the news public. In that space of time, of course, ID thieves could make ample use of the information without the victim’s knowledge that there was need to be concerned or to take protective measures such as changing credit card numbers.
Later on Saturday, attorney Tom Grande released a statement. Disappeared News readers have come to expect the full text, so here it is. In their own words:
University of Hawai‘i and Class Counsel in Serious Settlement Talks to Provide Credit Monitoring Services to Data Breach Victims
Class counsel for 100,000 University of Hawai‘i (“UH”) data breach victims said that they are engaged in serious settlement discussions with UH to provide credit monitoring and fraud restoration services to the 100,000 victims of four data breaches taking place in 2009 and 2010. “We are hopeful that we can complete settlement talks to offer all of the UH victims appropriate credit monitoring and fraud restoration protection,” said Thomas Grande, one of the attorneys for the class.
“The July 1, 2011 discovery that 2,000 records containing personal information at Kapiolani Community College (“KCC”) were lost or stolen again underscores the importance of providing credit monitoring and fraud restoration as a way of protecting data breach victims,” Grande noted. “Identity theft experts emphasize the need for immediate action to prevent the potential of personal information being misused. The sooner that a breach victim can enroll in a credit monitoring or credit protection program, the better protection that person can receive. Although there is still potential for identity theft several years after a data breach, affirmative steps to monitor credit reports and financial accounts should be taken as soon as possible,” Grande said.
“It is a very positive sign that Kapiolani Community College is considering offering credit monitoring in this most recent data breach,” said Bruce Sherman, who also represents the class. “We are hopeful that the ongoing settlement discussions provide the impetus to offer all of the breach victims appropriate credit monitoring and fraud restoration services,” Sherman stated.
“We have researched more than forty (40) data breaches at colleges and universities across the country. In almost every instance, credit monitoring and fraud restoration were offered to data breach victims immediately after the breach,” said Sherman. “Immediately offering credit monitoring to breach victims appears to be the best method to mitigate the potential and unfortunate consequences of any data breach. The willingness of UH to embrace this approach is extremely positive and should serve as a paradigm for government and private entities who expose private information,” Sherman added.