Stranch, Jennings & Garvey (SJ&G) is one of four law firms serving as Counsel for Plaintiff and the Proposed Class in a new class action lawsuit filed against Oklahoma City University.
The lawsuit, Maria Ruskiewica v. Oklahoma City University (OCU), claims the University was negligent in handling the storage of student and employee data, which resulted in a “preventable” data breach that allowed unauthorized disclosure of thousands of current and former students’ and employees’ personal information into the public domain. The information included names, addresses, Social Security numbers, driver’s licenses, state ID numbers and passport numbers. Because of the cyberattack, these individuals “have had to, and will continue to have to, spend time, effort and money to protect themselves from fraud and identity theft.”
According to the lawsuit, which was filed April 10, 2023, in the United States District Court for the Western District of Oklahoma, OCU’s network was unauthorizedly infiltrated and encrypted in July of 2022, resulting in a third party gaining access to the personal information of approximately 27,229 individuals. These individuals were not notified of the data breach and compromised information until they received a letter from OCU in March of 2023, eight months after the incident occurred.
In addition, the lawsuit asserts that “while OCU alleges it discovered the data breach on Jan. 27, 2023 … OCU’s own notice letter indicates that it discovered the breach immediately, on July 23, 2022, and that an investigation was instituted, but it failed to notify affected persons in a timely manner until March 20, 2023.”
“This data breach was preventable and a direct result of OCU’s failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect individuals’ personal information,” says J. Gerard Stranch IV, founding and managing member of SJ&G. “This constitutes an unfair act or practice prohibited by Section 5 of the Federal Trade Commission Act (FTC Act or FTCA), which prohibits ‘unfair or deceptive acts or practices in or affecting commerce.’
“OCU was obligated by federal law, its own policies and industry standards to keep this information confidential and protect it from unauthorized access and disclosure, but they failed to adequately implement such policies. OCU breached its obligations to the plaintiff and class members, and was negligent and reckless because it failed to properly maintain and safeguard the personal information on its systems. As a result, the plaintiff and class members now face, and will continue to face, a heightened risk of identity and fraud for the rest of their lives.”
The lawsuit alleges that OCU disregarded the rights of the plaintiff and proposed class members by failing to:
- take and implement adequate and reasonable measures to ensure that the personal information it stores was safeguarded;
- take available steps to prevent the data breach from occurring;
- follow the mandatory, applicable and appropriate protocols, policies and procedures; and
- timely notify the plaintiff and proposed class members.
The plaintiff is suing on behalf of the class for negligence, breach of contractual duty, unjust enrichment, invasion of privacy and violation of the Oklahoma Consumer Protection Act, and seeks certification of the class action, along with damages, fees, costs and a jury trial.
SJ&G is represented in this lawsuit by J. Gerard Stranch and Andrew E. Mize. The additional law firms serving as Counsel for the Plaintiffs and the Proposed Class include Indian and Environmental Law Group, PLLC of Tulsa, Oklahoma; Cohen & Malad, LLP of Indianapolis, Indiana; and Turke & Strauss, LLP of Madison, Wisconsin.