Sacred Heart University bought and maintained records of my personal information including my Social Security Number and other information useful for identity fraud on under-secured servers despite never having recieved consent from me to do so, never having recieved ANY communications from me whatsoever, not having any legitimate use for such sensitive information, and knowing that it's systems were at high risk from hackers. In May of 2006, the inevitable occured and a hacker gained access to mine and 135,000 others' personal information. The university responded by sending out letters instructing each of us to use our own time and money to file fraud alerts for our credit reports; which is the very least the university should have done for us itself. I'm seeking damages equal to the cost of professional credit monitoring services for 5 years for each plaintiff in the case as well as associated legal fees, this number is estimated at 67,520,000 if all 135,000 plaintiffs were paid.