Posted On January 26, 2022 Consumer Privacy & Data Breaches
January 26, 2022 – Midland University recently announced a data breach stemming from a malware attack. Malware is short for “malicious software.” Malware users will install the software over a network onto the victim’s device. From there, the program can wreak havoc, including scouring the device for any personal information. While details about the breach are still forthcoming, as a result of the breach, the names, addresses, driver’s license numbers, state identification numbers, and Social Security numbers of certain individuals were compromised.
Given that this breach is developing, little is known about its causes or the risk it presents to consumers. However, Midland University explains that it was a “sophisticated malware attack.” Data breaches stemming from malware attacks such as this one can occur in a variety of different ways. Often, they are often the result of a hacker breaching an organization’s network systems and installing a harmful file that is capable of sending certain information back to the party orchestrating the attack. While there is no telling why Midland University was the target of this recent cyberattack, hackers often target organizations that have vulnerabilities in their data-security technology.
In many data breaches, due to technological limitations, companies cannot identify which parties’ information was accessed or whether the hacker retained any of their data. However, Midland confirms that it was able to determine that the unauthorized party downloaded certain information. Which information was downloaded, however, is not clear. Regardless, those impacted by the breach are at a much higher risk of identity theft. Given these risks, it is essential for anyone who received a data breach letter from Midland University to take the necessary steps to protect themselves and enforce their rights as consumers.
Those who received a Midland University data breach letter should make themselves aware of all the risks involved and take the necessary precautions to reduce the likelihood of identity theft. While the fact that your data was compromised doesn’t necessarily mean the unauthorized party will use it for criminal purposes, that is not an uncommon result. This is especially the case in recent years, as the COVID-19 pandemic gave hackers and other criminals ample opportunity to take advantage of organizations that may have neglected their data security systems given the other issues they are facing.
However, all businesses have a duty to protect consumer data, as do educational institutions such as Midland University. If evidence surfaces that Midland University was negligent in how it maintained your sensitive information leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
When you provided Midland University with your personal information, you trusted it would keep your information secure. Certainly, anyone in your position would assume that the University would take whatever steps were necessary to prevent criminal actors from accessing sensitive consumer data. However, news of the this data breach raises some concerning questions about the adequacy of the organization’s data security measures.
All organizations have an ethical and legal obligation to ensure sensitive consumer information in their possession stays private. And while developing and maintaining an effective data security system can be a burden, it is also a necessary cost, given the frequency with which these data breaches occur.
The U.S. data breach laws permit consumers to sue organizations that fail to protect their sensitive data. However, these laws are complex, and news of this data breach is quite fresh. Thus, as of right now, there is not yet evidence indicating Midland University bears responsibility for the malware attack. However, that may change, as our data breach lawyers are looking into the breach to determine what legal remedies consumers may have against the organization.
If you have questions about your ability to bring a data breach class action lawsuit against Midland University, you should contact a data breach attorney as soon as possible.
If Midland University sent you a data breach letter, you were among those whose personal data was accessible—and possibly downloaded—in the recent data breach. This means that a total stranger—possibly a criminal—could have your personal information in their possession. While you can’t be sure why they would want your information or what they intend to do with it, the situation calls for a certain level of care and attention. Given the heightened risk of identity theft that comes along with a data breach, it is important that you remain vigilant to protect yourself by taking the following steps:
Founded in 1883, Midland University is a liberal arts college with two campuses in Omaha and Fremont, Nebraska. The institution provides instruction in more than 30 academic areas, four graduate programs, and a variety of professional studies programs. Recently, Midland University was named as the 9th fastest-growing private, nonprofit baccalaureate institution in the United States.
According to Midland University, on January 18, 2021, the organization first noticed that it was subject to a malware attack that encrypted certain files on the institution’s network. In response, Midland University secured its systems, restored access, and launched an investigation to determine the extent of the cyberattack. This investigation confirmed that an unknown actor gained access to certain files on January 18, 2021, and downloaded some of those files. These files contain all or some combination of the following information pertaining to 13,716 individuals:
Subsequently, around December 22, 2021, Midland University began sending out written notice of the breach to all affected parties, describing what occurred and informing employees on what they could do to protect themselves. While Midland University has no knowledge that the malware attack resulted in the actual use of anyone’s information, the organization encourages those who received a data breach letter to remain vigilant, looking out for any signs of identity theft, fraud, or other unauthorized activity.
Below is a copy of the initial data breach letter issued by Midland University (a sample of the actual notice sent to consumers can be found here):
Dear [Consumer],
Midland University (“Midland”) is writing to inform you of an event that may impact the security of some of your information. While we have received no indications of actual misuse of your information as a result of this event, this notice provides information about the event, our response, and resources available to you to help protect your information from possible misuse, should you feel it appropriate to do so.
What Happened? On January 18, 2021, Midland identified that its network had been impacted by a malware attack that encrypted certain files. We immediately launched an investigation to determine the nature and scope of the event. We quickly worked to: (1) secure our systems; (2) restore access to the information so we could continue to operate without disruption, and (3) investigate what happened and whether the event resulted in any unauthorized access to, or theft of, information by the unknown actor. Through our investigation, we determined that the unknown actor gained access to certain files on January 18, 2021 and downloaded a subset of those files.
We then worked with third-party specialists to perform a comprehensive review of the affected files to determine what information was impacted and to whom the information related. Upon completion of the review, we then conducted a time-intensive manual review of our records to determine the identities and contact information for potentially affected individuals. On or around December 22, 2021, we confirmed address information for affected individuals to provide notifications.
What Information Was Involved. Our investigation determined that the impacted information may have included your name and <<Breached elements>>.
What We Are Doing. The confidentiality, privacy, and security of information in our care are among our highest priorities, and we take this incident very seriously. We reviewed our security policies and procedures to reduce the risk of similar future events. Although we do not have any indication of identity theft or fraud as a result of this event, we are offering complimentary credit monitoring and identity restoration services through Equifax for <<CM Length>> months as an added precaution. We also reported this event to federal law enforcement and notified appropriate state regulators.
