Summerfield University is a higher education institution in California with a long history. There are 25,000 undergraduate and graduate students enrolled in programs including engineering and commerce. Chanelle Jumper is a 4th year commerce student.
Unfortunately, a data breach has taken place at Summerfield University. The personally identifiable information (PII) of several students was not only exposed, but also stolen.
Chanelle, like most of us, feels very protective of her personal data and decides to sue Summerfield University for the maximum allowed amount of $750. Following her cue, 19 other students also decide to sue the university. Summerfield University now finds itself battling a case worth $15,000.
In court, Summerfield University is able to prove that it had several security controls in place, including file server auditing, file integrity monitoring, email security, and data leak prevention. Summerfield also employed a real-time Active Directory auditing and security information and event management (SIEM) solution. The court finds that Summerfield took adequate measures to protect the PII of its students, and the breach took place due to a very sophisticated method of hacking. Therefore, Summerfield is not held liable.
Since the violation was unintentional, the California Attorney General levies a fine of $2,500 to Summerfield. Without adequate security measures, Summerfield would have been levied a fine of $7,500 in addition to the $15,000 it would have owed the students.