http://www.athensnews.com/issue/article.php3?story_id=25861 By Jim Phillips Athens NEWS Senior Writer 2006-09-07 The attorney for two Ohio University alumni who sued the university for letting computer hackers access their Social Security numbers has responded vigorously to a bid by OU to have the case thrown out of the Ohio Court of Claims. Cincinnati attorney Marc D. Mezibov's firm represents OU alums Donald Jay Kulpa and Kenneth D. Neben, of Cincinnati and New Jersey, respectively. Mezibov argued in a recent court filing that in moving to have the two men's suit dismissed, OU "attempts to hurriedly dispose of this case without having to answer any important questions about its failure to protect the private information, including Social Security numbers, of an estimated 173,000 students and alumni." Kulpa and Neben sued the university June 23, over a series of incidents in which computer "hackers" accessed OU databases containing personal information on thousands of students, alums, donors and subcontractors. The two want to have their suit classified as class-action litigation, on behalf of all the people affected by the computer security breaches. They seek to have OU pay for credit-monitoring services for all the plaintiffs. OU's state attorney has asked Judge Clark B. Weaver, Sr., to either dismiss the suit, or grant summary judgment in OU's favor. Randall W. Knutti of the Ohio Attorney General's office has argued that the tens of thousands of people whose computer files were accessed "could never constitute a class" in a legal sense, because all they have in common is the fact that someone gained access to their Social Security numbers. Knutti also contended that the plaintiffs can't point to any actual damages they've suffered from the security breaches, but base their claims only on "a generalized fear of future harm." Mezibov replied in a memorandum filed Aug. 28 that "the crux of OU's argument is that plaintiffs and the putative class 'have not been harmed in any way.' Yet in the same breath, OU admits that it issued letters to plaintiffs warning them of the serious risk of identity theft caused by its breach, admits that 33 individuals have reported actual identity theft, and most astoundingly, admits that the putative class members 'someday might be harmed as result of these security breaches.'" He goes on to slam OU for its dismissal motion that he claims "ignores the record, ignores procedural and substantive law, and engages in irrelevant attacks against plaintiffs' counsel simply for seeking to hold it accountable for its undisputed failures." Mezibov has asked Judge Weaver to either deny OU's motion, or postpone considering it until after Mezibov has a chance to rebut its claims. The attorney argued in his memorandum that OU relies on evidence outside the legal complaint to support its request for dismissal or summary judgment. These include "a large number of affidavits and documents outside the complaint - some of which are unauthenticated and inadmissible hearsay," Mezibov maintained. In support of Kulpa and Neben's claim that the security breaches inflicted damages on them, Mezibov cited Ohio Supreme Court rulings that he said have "repeatedly acknowledged the harm attendant to a government entity's disclosure of an individual's Social Security number." These include a 1994 case involving the Akron Beacon Journal and the city of Akron, in which the court wrote that disclosure of a Social Security number to an unscrupulous individual is "potentially financially ruinous" to the holder of the number. Though OU has claimed that Kulpa and Neben cannot point to any actual injury, Mezibov calls this assertion "simply incorrect. Plaintiffs allege repeatedly that they have been injured by OU's failure to protect their confidential information." AN ATHENS WOMAN, meanwhile, has filed a pair of unlikely federal lawsuits connected to the security breaches, naming as defendants OU and Moran Technology Consulting, a company that investigated and wrote a report on the hacking incidents. In suits filed in June and July without benefit of legal counsel, Cinseree Johnson has demanded $1.5 million in damages from each of the two defendants. She alleges that before the security breaches, she had submitted "numerous requests" to OU asking that her personal data not be stored electronically, and expressing concerns about possible data theft, which she claims OU ignored. She alleges that Moran "destroyed documents pertaining to an Ohio University audit which they conducted. With this act, the company destroyed documentary evidence and obstructed a pending proceeding." (The company had said it disposed of notes it used to write its report, though recently it announced that it had found electronic copies of the notes in old e-mails.) OU has moved to have both the cases dismissed. _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Fri Sep 08 2006 - 01:41:04 PDT