A former Simmons University student athlete filed a class action lawsuit this week, alleging that the school and former University of Michigan and Baltimore Ravens football coach Matthew Weiss gained unauthorized access to college athletic trainers’ databases at more than 100 colleges and universities. The plaintiff claims Weiss’s scheme could be “the largest incident of cyber voyeurism of student athletes in U.S. history.” The plaintiff claims the university and Weiss contracted with Keffer Development Services, the company that manages the Athletic Trainer System’s database, to access sensitive health and personal information of more than 150,000 students, along with access to students’ intimate photos.
Takeaway: News of data breaches and cyberattacks has become commonplace, demonstrating the legal consequences companies face when their cybersecurity measures fail to protect customer data. Colleges and universities have been increasingly on the hook for failing to protect both current and former students’ personal identifying information. New York University is currently facing four class action suits in the U.S. District Court for the Southern District of New York after allegedly failing to prevent a data breach in late March. The plaintiffs claim NYU failed to adequately protect their personal information after the breach compromised the personal information of more than 3 million students and applicants dating back to 1989.