A Knox College alumnus has filed a class action lawsuit against Knox after a ransomware attack compromised sensitive data of students, alumni, and employees.
The complaint was filed Friday, Jan. 20th by a Jane Doe who resides in California although the case was filed in the U.S. District Court for Central Illinois.
The suit says that on Nov. 24, 2022, Knox lost “control over its current and former students’ highly sensitive personal information.”
The information leaked included names, addresses, social security numbers, driver’s license numbers, and passport numbers.
The plaintiff graduated from Knox in 2001 and says that when she attended Knox she was required to hand over her personal identifiable information and her personal health information.
The lawsuit indicates the number of victims could be in the thousands.
The complaint says that Knox didn’t notify victims until about Jan. 3., over five weeks after the college first discovered the breach.
Doe argues that the gap in time left victims unable to “proactively mitigate” the breach’s impact on them or give them a chance to protect their identities from theft.
Doe is seeking injunctive relief, damages, and restitution along with costs and reasonable attorneys fees and asks for a jury trial.
Knox College released a statement to the media Dec. 4 from VP of Communications and ITS Lisa Van Riper that admitted to a “system disruption” caused by ransomware.
Van Riper said that if it was determined that “any personal information was accessed during the incident” they would provide notification and assistance to all impacted individuals, “consistent with relevant state and federal law.”
Vice President for Administration and General Counsel at Knox, Brad Nolden says, “”Knox College has not been served with a complaint, but does not comment on pending litigation.”