ECSI’s Negligence Places Untold Thousands of Students at Risk of Identity Theft Featured

A shocking disregard for even the most basic security measures enabled hackers to steal identities from hundreds of thousands of students.

A class action lawsuit was recently filed against Educational Computer Systems, Inc. (ECSI), a subsidiary of Global Payments Inc., after it announced a significant data breach that compromised the sensitive information of countless students and individuals affiliated with the financial company’s college and university clients.

ECSI provides schools and colleges with services related to past-due accounts receivable management, campus-based student loan servicing, tax document services, tuition payment plans, refund management, call center, and outsourcing services.

The Breach and Its Impact

From October 29, 2023, to February 12, 2024, ECSI experienced a data breach that exposed the personally identifiable information (PII) and financial details of potentially hundreds of thousands of individuals. According to the lawsuit, this breach occurred because ECSI, despite handling highly confidential information, failed to implement adequate security measures.

In the Notice of Data Breach mailed to affected individuals, ECSI’s online form allowed access to tax and financial records without requiring login or identity verification, leaving private data vulnerable to cybercriminals. Cybercriminals discovered this “security flaw” and manipulated ECSI’s online “guest” search function to exfiltrate personal and financial data at various times between October 29, 2023 and February 12, 2024.

To make matters worse, ECSI failed to notify data breach victims until months after the incident was purportedly discovered. Moreover, the notice letter included only “basic details” about the cyberattack and did not explain what precise information was stolen, what specific malware was used and what steps are being taken to protect stored data in the future.

As a result of ECSI’s negligence, affected individuals are now facing a significantly heightened lifetime risk of identity theft and fraud.

What Information Was Compromised?

The data breach exposed a range of sensitive information contained in IRS Forms 1098 E and 1098 T, including:

  • Social Security numbers
  • Name
  • Address
  • Financial account numbers
  • Tax forms detailing tuition, scholarships, and student loan payments

What is ECSI Doing To Protect My Identity?

ECSI announced that it has removed the “guest” tax search functionality from its system. It is offering affected individuals complimentary two years (24 months) credit monitoring and identity theft protection services.

If you receive a data breach notification from ECSI, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

ECSI’s Negligence

ECSI’s failure to safeguard your data was not a mere oversight. The company:

  • Did not institute proper security protocols despite handling highly sensitive information.
  • Allowed a major security flaw in their system, making it easy for unauthorized parties to access your data.
  • Disregarded the necessity of encryption and other security measures to protect data, even for internal use.

Your Right to Compensation and Security – Join the ECSI Data Breach Class Action

As a victim of this data breach, you have the right to seek justice. By joining a class action lawsuit, you can demand:

  • Actual and punitive damages for the harm caused by the data breach.
  • Injunctive and equitable relief to ensure that ECSI implements stringent security measures to protect your data moving forward.
  • compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The data breach lawsuit looks to represent anyone in the United States whose private and/or financial information was exposed to unauthorized third parties as a result of the data breach experienced by ECSI between October 29, 2023 and February 12, 2024.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.


Leave a Reply

Your email address will not be published. Required fields are marked *