By Hope Benjamin
Elm Staff Writer
In November, some members of the Washington College community received a notice in the mail regarding a settlement that the institution is facing for a possible breach in user data, which those members could claim benefits from.
According to GovTech, WC is finalizing this settlement after four alumni brought forth a class action lawsuit over data stolen in a ransomware attack in February 2023. The College identified the perpetrator as an unauthorized actor who was able to access the data via VPN.
WC was unaware of the attack until 31 days after this breach began and could not confirm what information was stolen and when. The court is expected to finalize this settlement in May.
The settlement info page states that victims of the attack were contacted previously about the incident. These individuals may be reimbursed up to $5,000 in losses, up to three hours of lost time at the rate of $25 an hour, up to $500 dollars in ordinary losses, three years of credit monitoring and identity protection services, and an alternative cash payment option.
If these conditions are finalized, all 13,168 victims could claim $5,000 in qualifying losses, which makes the College liable for $65.8 million. In the alternative option, if each victim claimed $50 cash, that would translate to $658,400.
The card explained how affected WC students can claim their benefits and the requirements for the process.
“You can submit a claim which is available at washingtondatasettlement.com, and you must have received a letter from the data insurance company informing you of information being stolen. If you did not receive a letter, you will not be eligible for the claim,” Associate Director of Client Support and Technical Services Daniel Ortega said.
Vice President for Marketing and Communications Brian Speer assured the campus community that the Office of Information Technology and the College dealt with the insurance aspect of the data breach.
“Breaches typically involve some sort of class action suit and this was no exception. The suit went right into settlement with the College’s insurance covering the full cost,” Speer said.
Any personal information involved in the breach was not misused. After the breach happened, the College shifted to an internally staffed IT Department and also made significant progress to implement best practices to secure the College’s data and networked resources.