A privacy watchdog filed a complaint with the Federal Trade Commission against a community college district in Arizona that lost the personal data of 2.5 million students and employees in two data breaches.The Electronic Privacy Information Center (EPIC) asked the FTC in its complaint Monday to bring an enforcement action in federal district court against the Maricopa County Community College District (MCCCD) for violating the “Safeguards Rule,” which requires customer data to be secured.EPIC, a nonprofit organization based in Washington, is also seeking that the MCCCD obtain an independent assessment to ensure that it is complying with the Safeguards Rule.MCCCD’s troubles are notable as the organization was warned after a small data breach affecting 400 people in January 2011 that it needed to shore up its systems. The FBI informed it at the time that information from its databases had turned up for sale on the Internet. Arizona’s Auditor General advised in November 2011 that the organization needed to strengthen access controls after finding terminated employees still had active user accounts on its network.A subsequent audit in November 2012 found the organization still had not adequately limited access to its systems, according to EPIC’s complaint. In April 2013, the FBI found 14 of MCCCD’s database for sale on a website, with data including names, addresses, Social Security Numbers, birth dates and financial aid information. The breach affected 2.49 million current and former students, employees and vendors.A class action suit was filed in April against MCCCD in Arizona’s Superior Court, which sought $2,500 for each plaintiff. That case’s docket suggests the lawsuit has been moved to a federal court.More than 265,000 students attend a network of 10 colleges, two skill centers and other education centers within MCCCD’s purview in Maricopa County in Arizona. The organization is responsible for coordinating and dispersing financial aid.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe