Regents approve $5.6 million settlement

University will allow compensation for those with stolen data



Phil Weiler, vice president for university marketing and communications, discusses the strategic financial plan for WSU to become a top university by 2030 on Feb. 5 in the French Administration building.

CHERYL AARNIO, Evergreen reporter

The Board of Regents approved a settlement of up to $5.26 million for a class-action lawsuit about a data breach that occurred around two years ago.

Phil Weiler, vice president of marketing and communications, said the final settlement has not happened yet. The Board determined that WSU President Kirk Schulz will negotiate what the final settlement will be.

The settlement is still being drafted and should be finished within the next 60 days, Weiler said in an email.

He said once the settlement is negotiated, the university will tell the people whose data was stolen that they can receive compensation if they so choose.

Weiler said he thinks some of the settlement money will go to legal fees.

The money to settle this lawsuit will come from WSU’s private insurance and WSU’s insurance through Washington state, he said.

“The total cost to the insurance company will depend on how many people decide that they want to follow through,” Weiler said. “That will determine how much of that $5 million actually gets spent.”

In May 2017, the backup hard drive with data generated by WSU’s Social and Economic Sciences Research Center was stolen, he said. The hard drive contained sensitive information of about 1.2 million people at WSU.

Weiler said he believes the Olympia Police Department never found any suspects for who could have taken the safe that contained the hard drive.

He said the university has no reason to believe that the information on the hard drive was ever used.

There were different files containing information, Weiler said. For example, one file would have contained names and another file would have had phone numbers. The thieves would have to work to figure out which names went with which contact information.

“We never received any information from the credit-monitoring firm, that I’m aware of, that indicated that their data had been compromised,” Weiler said.

Immediately following the breach, he said, the university looked at the information that was being saved and what information WSU needed to save. The university also looked at the back-up protocols to make sure back-up information will not be compromised.