Seattle-based Washington State University settled a class-action lawsuit, which stemmed from an April 2017 data breach, for $5.26 million, according to The Spokesman-Review.
The burglary at an Olympia, Wash., storage facility put the sensitive information of nearly 1.2 million people at risk. A safe that included a hard drive with individuals' names, Social Security numbers and personal health records was stolen.
While the robbery remains unsolved, the university is unaware of any misuse or identity fraud from the security breach, reports The Spokesman-Review. The data that was stolen was collected by WSU's Social and Economic Science Research Center.
Plaintiffs argued that they were unaware their information was being stored and that the university was negligent in storing the hard drive in an unsecure location.
Along with the $5.26 million settlement, WSU will provide those affected additional credit monitoring and insurance services for two years. Most of the settlement will come from the university's private cybersecurity insurance policy and the state risk pool, according to a WSU spokesperson.
The university has agreed to destroy the information that may have been affected from the security breach. WSU no longer stores personal information in rented self-storage units.
More articles about cybersecurity:
EmCare says February email breach exposed some patient, contractor and employee data
Maine hospital breaches HIPAA by emailing the names of 300 patients taking Suboxone to newspaper
Scammers pay for DNA swabs, health insurance information to defraud CMS