Marymount University and New York State Attorney General James Reach Agreement

Last Updated on September 22, 2023 by Robert C. Hoopes

Marymount Manhattan College (MMC) has agreed to invest $3.5 million in data security following a significant data breach in 2021. This breach affected approximately 100,000 individuals, including students, faculty, and alumni, exposing their sensitive personal information. Social security numbers, bank and credit card numbers, passport numbers, driver’s license numbers, and medical information were all affected.

An investigation conducted by the New York Attorney General’s Office found that MMC had failed to adequately secure its network infrastructure and update its policies to address emerging security concerns, leaving it vulnerable to the breach. As a result, MMC has entered into an agreement that requires them to make substantial investments to improve data encryption and security protocols to reduce the risk of future breaches.

Under the terms of the agreement, the college must establish and maintain a comprehensive information security program. This includes encrypting all personal information, implementing multi-factor authentication for users, and regularly updating security policies and firmware. These measures aim to ensure that MMC’s network and data are protected from potential cyber threats.

Attorney General Letitia James stressed the importance of institutions properly safeguarding online data. Failing to do so not only compromises the privacy and security of individuals but also exposes them to a range of risks. The agreement with MMC is part of the attorney general’s ongoing efforts to hold organizations accountable for poor data security practices.

In the past, the Attorney General’s Office has successfully reached settlements with various organizations, including Sports Warehouse, a medical management company, student cap and gown producer Herff Jones, the owner of SHEIN and Zoetop, and Wegmans. These settlements demonstrate a commitment to ensuring that organizations prioritize strong data security measures to protect individuals’ confidential information.

The Bureau of Internet and Technology within the Attorney General’s Division for Economic Justice handled the MMC case, with assistance from Internet and Technology Analyst Nishaant Goswamy. Their expertise in investigating data breaches was crucial in understanding the extent of the vulnerability and assessing MMC’s failures in securing their network infrastructure.

Moving forward, MMC’s investment in data encryption and security protocols will serve as a crucial step in mitigating the risk of similar breaches in the future. By taking these necessary precautions, the college aims to ensure the privacy and safety of their students, faculty, and alumni.