Marymount University & Attorney General James: Agreement Reached – New York State Attorney General

Last Updated on September 22, 2023 by Robert C. Hoopes

Marymount Manhattan College (MMC) has agreed to invest $3.5 million in data security following a data breach that affected nearly 100,000 current and prospective students, faculty, and alumni, according to the New York Attorney General, Letitia James. The breach occurred in 2021 when a hacker accessed sensitive data, including social security numbers, bank and credit card numbers, passport numbers, driver’s license numbers, and medical information. The hacker demanded a ransom, which MMC paid before the stolen information was deleted.

An investigation by the Office of the Attorney General (OAG) found that MMC had failed to properly secure its network infrastructure and update its policies to address new security concerns. In response, MMC has agreed to invest $3.5 million over the next six years to improve data encryption and security protocols. The college must now maintain a comprehensive information security program, encrypt all personal information, use multifactor authentication, perform regular security updates and patch management, scan for vulnerabilities, and publicly share their plan for personal information.

Attorney General James highlights the importance of safeguarding personal data in the digital age and protecting New Yorkers from the risks associated with data breaches. This agreement is part of her ongoing efforts to hold companies accountable for poor data security practices. Recent actions by the OAG include securing funds from Sports Warehouse, a medical management company, student cap and gown producer Herff Jones, and the owner of SHEIN and Zoetop for similar data security failures.

The agreement with MMC was handled by Assistant Attorney General Nathaniel Kosslyn and Deputy Bureau Chief Clark Russell, with special assistance from Internet and Technology Analyst Nishaant Goswamy. The investment in data security is a crucial step towards ensuring the privacy and safety of MMC’s students, faculty, and alumni, and serves as a reminder of the increasing threat of data breaches in today’s digital world.