Linn Freedman of Robinson + Cole writes:
PCS Revenue Control Systems, Inc. (PCS) was hit with a proposed class action lawsuit last week alleging that it discovered a data breach from a hacking attack in December 2019 but failed to notify the affected students until March of 2021.
According to the lawsuit, student information was collected by PCS’s predecessor, Advanced Business Technologies (ABT), which provided food, nutrition, and technology services for K-12 schools. The information alleged to have been collected by ABT and in the possession of PCS after the acquisition included the names, dates of birth, Social Security numbers, and student identification numbers of 867,209 students who attended K-12 schools in Alabama, Florida, Georgia, and Texas. It is unclear why a nutrition vendor needs Social Security numbers of students to provide services.
Via JDSupra.