The suit, filed in federal court in Portland, accuses the college of failing to safeguard students’ sensitive information, including names, dates of birth, tax identification numbers, passport numbers, financial accounts and health information.
It alleges the breach occurred because the college stored students’ private information in an unencrypted, Internet-accessible environment.
An investigation that followed the breach found that an unauthorized third party accessed college files in late October, yet the college waited until January of this year to begin notifying people impacted, according to attorney Paul B. Barton, who filed the suit.
The named plaintiff, Aidan Zahn, said he has received a significant increase in spam calls that he believes was a result of the data breach.
There are at least 100 members of the alleged class, the suit said.
A spokesperson for the community college did not immediately comment on the suit when contacted Friday.
The suit is one of three suits that have been filed in federal court against the college since the start of the year that are likely to be consolidated. All are assigned to U.S. Magistrate Judge Jolie A. Russo.
An attorney for the college, Curt Roy Hinelin, was given until mid-March to respond to the suits in court, after seeking additional time to investigate” the allegations.
The college sent notices to people impacted on Jan. 8.
In the notice, the college said suspicious activity tied to one of its computer network’s user accounts was identified on Sept. 10 and the account was quickly reset. On Oct. 24, additional suspicious activity was discovered and the school “worked to contain” its network and prevent widespread interference. The college also hired a forensic security firm to investigate and ensure the network’s security, the letter said.
The investigation found an unauthorized party accessed a “small number of systems and acquired” files from the systems in late October. The college offered those impacted the opportunity to enroll in one year of credit monitoring and identity theft protections.
The suit seeks unspecified compensatory damages and punitive damages from the college, and an order that the school pay for no less than 10 years of credit monitoring services for those impacted.
©2026 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.
