2 former Michigan student-athletes say intimate images were stolen by ex-football coach in lawsuit
Former University of Michigan assistant football coach Matt Weiss pleaded not guilty to federal charges Monday as two women filed a class-action lawsuit alleging they were victims of a scheme to access private student accounts.
Weiss was charged in a 24-count indictment last week after federal prosecutors accused him of accessing the digital accounts of 3,300 student-athletes to download their intimate photos and videos. He pleaded not guilty on all charges and was released on a $10,000 unsecured bond, court records show.
Two women sued Weiss, the university, its Board of Regents and the company that managed the information of student athletes Weiss is accused of using to download personal information.
The women are "embarrassed, ashamed, humiliated, and mortified" that their private information has been accessed by total strangers and third parties, the lawsuit says.
Federal investigators accused Weiss of using the passwords of his colleagues with elevated access to the student-athlete database to download personally identifiable information and medical data of more than 150,000 athletes.
According to Weiss' indictment, he used the information to gain unauthorized access to more than 3,000 accounts belonging to students and alumni.
He then downloaded their private, intimate photos or videos from their email, social media or cloud storage accounts, the indictment said.
Weiss was fired in January 2023, The Associated Press reported.
The two women, identified only as "Jane Doe 1" and "Jane Doe 2," filed the suit in the Eastern District of Michigan as a potential class action claim. One is a former Michigan gymnast from 2017 to 2018, and the other is a Michigan soccer player who was on the school's team from 2017 to 2023.
Their suit alleges multiple violations of the law by Weiss and the other parties, including violations of Title IX protections, violations of their civil rights and violation of civil laws such as the Computer Fraud and Abuse Act.
The University of Michigan and Keffer Development Services were accused of gross negligence in their handling of student data.
'The recklessness and negligence and misconduct of the Regents, the University, and Keffer in these respects enabled Weiss to target female college athletes to obtain their private and sensitive information without authorization, including but not limited to Plaintiffs,' the suit says.
Kay Jarvis, the university's public affairs director, said the school has not been served with the suit and "cannot comment on pending litigation."
An attorney for Weiss did not immediately respond to a request for comment about the case Monday. Keffer Development Services did not immediately respond to a request for comment.
This article was originally published on NBCNews.com
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
5 hours ago
- Yahoo
These former college athletes were told a coach may have hacked into their private photos
Volleyball has been a source of joy for Aly Torline, shaping her from a kid in club leagues to collegiate athlete. The 30-year-old 'can't say enough good things' about her experience at the California State University in San Bernardino. She was recognized as an all-American by a national coaching organization and said the relationships with her teammates and coaches helped shape her into the woman she is today. For more on this story, watch 'NBC Nightly News with Tom Llamas' tonight at 6:30 p.m. ET/5:30 p.m. CT. But nearly 10 years after graduation, Torline received a notice from federal authorities. The news it delivered, she said, was 'brutal.' The Justice Department informed her that her time on the team exposed her to a data breach: A football coach from across the country whom she had never met is alleged to have used student-athletes' personal information to access their email, cloud storage and social media accounts and download their private, intimate photos or videos. 'Thinking about what he might have or does have, and not exactly knowing, it just, it makes me feel really vulnerable,' Torline said in an interview. 'I felt like a lot of what I thought was private or protected wasn't, and maybe some of that was just, like, an illusion.' A federal indictment in March charged former NFL and University of Michigan assistant football coach Matt Weiss with 14 counts of unauthorized access to computers and 10 counts of aggravated identity theft. According to the indictment, Weiss obtained unauthorized access to a platform with personal identifying information about student-athletes from more than 100 colleges and universities across the country. Weiss is accused of using the information, and additional internet research, to hack into the personal accounts of 3,300 students and alumni, mostly targeting female students, according to prosecutors. He kept notes on whose photos and videos he viewed, 'including notes commenting on their bodies and their sexual preferences,' the indictment said. Weiss pleaded not guilty to all charges in March. His attorney didn't respond to multiple requests for an interview and comment. Like Torline, many of the student-athletes who got the same notice don't know Weiss and have no idea what he might have taken. They said they aren't even sure which accounts might have been accessed or whether they're university accounts. Former student-athletes who got notices from the Justice Department that they may have been hacked, four of whom are coming forward publicly for the first time, detailed to NBC News the fear and uneasiness they say they've felt since they were identified as potential victims. They're calling for accountability — and answers. Torline is one of dozens of Weiss' alleged victims being represented by attorneys Megan Bonanni and Lisa Esser in a civil class action lawsuit. The complaint describes the allegations against Weiss as potentially 'the largest cyber sexual assault against student-athletes in U.S. history.' Bonanni and Esser have represented dozens of sexual abuse victims, including victims of Larry Nassar, a sports doctor at Michigan State University who was convicted of sexually abusing hundreds of young athletes, including members of the U.S. women's gymnastics national team. Bonanni and Esser say there has been an emotional impact on many of the 81 people they've spoken to in the Weiss case. 'It really is someone who took — without permission — very intimate, private images that are sexual in nature,' Bonanni said. 'And so, when that kind of betrayal, when that kind of assault, happens, it is a sexual assault.' Of the dozens of people Bonanni and Esser are working with, all five who spoke to NBC News said they haven't received any more details from federal authorities or their alma maters. A spokeswoman for the U.S. Attorney's Office for the Eastern District of Michigan declined an interview request from NBC News, citing the pending criminal case against Weiss. All five student-athletes expressed deep anxiety over being left in the dark about what may have happened. A 30-year-old woman, whom NBC News agreed to keep anonymous given the sensitive nature of the case, said she started college when she was 17 and can't help but wonder how far back Weiss could have accessed her photos. She says she's constantly digging in her mind to figure out what might have been taken from her and how young she may have been in the images. 'I still, like, wake up some days and I'm just like who, what, where, when, why and how?' she said. 'And I don't know if I'll ever get answers to that.' Towson University in Maryland, which the woman attended, told NBC News it sent notices to 'potentially effected athletes of the breach' in early June. There's still little clarity about how Weiss is alleged to have accessed the private information and how he may have been able to hack into so many accounts. Torline's lawsuit, filed in U.S. District Court for Central California in April as a Jane Doe, names Weiss, CSU-San Bernardino and a third-party company that owns database software that prosecutors say in the indictment Weiss used, Keffer Development Services. A search for Keffer Development Services leads to a website for The Athletic Trainer System, which says it was founded in 1994 and appears to also use the name Keffer Development Services. Its website says its electronic health records system is used by more than 6,500 organizations, including schools, and serves 2 million athletes. It also says it is HIPAA-compliant, referring to the federal law meant to protect medical records and other personal health information. According to the indictment, Weiss was able to gain access to Keffer databases by compromising accounts with elevated access, like those of athletic trainers. From there, the indictment says, he downloaded the passwords and personal information of student athletes. According to federal prosecutors, Weiss was able to access the personal identifying information for more than 150,000 athletes. This information included some encrypted files containing passwords he was allegedly able to decrypt. Weiss then, the indictment says, conducted additional internet research to learn athletes' 'mothers' maiden names, pets, places of birth, and nicknames.' From there, he was able to access student athletes' mail, cloud storage or social media accounts and download personal and intimate photos and videos, according to the indictment. In several instances, Weiss was able to exploit 'vulnerabilities in universities' account authentication processes' to access student and alumni accounts, the indictment said. There are also several unnamed 'technology providers' from which prosecutors said Weiss accessed students' photos, videos and private information. Attorneys for Keffer Development Services declined to comment. A spokesperson for CSU-San Bernardino said in a statement that it has no record of any contracts or payments to either Keffer Development Services or The Athletic Training System. NBC News wasn't able to find a publicly available list of the company's clients. CSU-San Bernardino didn't comment on whether it had taken action to inform students who might have been affected. Bonanni doesn't believe there is 'one uniform answer' to the question of how Weiss was able to access individual data, as authorities allege. 'From our understanding, there were multiple failures,' Bonanni said. 'There were vulnerabilities in college and universities' account authentication processes, as well as vulnerabilities from a third-party vendor, Keffer, and also unnamed technology providers.' The only connection to the case that the potential victims who spoke to NBC News can identify between themselves and Weiss is that they were college athletes. Clayton Wirth, 27, enjoyed playing soccer at the University of Kentucky. His time in school may have been 'intense' thanks to early morning training and hard-fought games in addition to his studies, but he loved it. Now, he questions whether he put collegiate athletics on a pedestal. Wirth said that though he has gotten general alumni mail from his alma mater, no one from the University of Kentucky has reached out to him to alert him about the breach. He feels betrayed by the school he trusted and dreamed of playing for as a kid, he said. The university failed to protect people who 'they essentially promised the world to,' Wirth said. 'It's like, hey, we looked up our entire lives to you, and then we gave you the keys, and you basically said, 'Well, we don't care about you at all.'' A spokesperson for the University of Kentucky told NBC News it hasn't received any notice from the Justice Department, including information about any other details about potential impacts on its students or alumni. It also said it doesn't use Keffer Development Services. 'We are committed to the safety and well-being of our student athletes and would promptly notify individuals if we were notified of a breach involving our systems,' the spokesperson said. The U.S. Attorney's Office for the Eastern District of Michigan did not respond to a request for comment about whether they contacted all schools with students or alumni affected by the breach. Bonanni and Esser, the attorneys, noted that the Federal Trade Commission recommends a number of safeguards to protect private information, including multi-factor authentication. Multi-factor authentication, which the FTC recommended as early as 2016, requires more than just a password to log in, and it apparently wasn't enabled on many of the student email accounts, Esser said. (Other accounts, like social media, were also breached in the hack, according to the indictment). 'The sheer size and scope of this hacking and that occurred, I think, informs us that there clearly are protocols and safety measures that aren't and weren't in place,' she said. Torline and another woman, a former swimmer who has also filed a lawsuit in the data breach, allege in their suits that neither their colleges — CSU-San Bernardino and Malone University — nor Keffer Development Services required multi-factor authorization. Both former student-athletes told NBC News that they couldn't recall their universities' ever issuing guidance or information about how to secure their personal data. The former swimmer, Stephanie Sprague, 26, said she couldn't have imagined that a single year of swimming at Malone University, a private university in Canton, Ohio, could have left her so exposed. 'When it really hit me that this was happening, I was kind of, like, embarrassed, and I felt shame, like upon myself, when I know it's not my fault and I'm not the person who should be feeling this way,' said Sprague, who fears what consequences the episode could have on her nursing career. She sued Malone, Keffer Development Services and Weiss in April as a Jane Doe, accusing the university of failing to safeguard students' private information. No one from Malone University reached out to Sprague to discuss the breach before she spoke to NBC News, she said. Malone University didn't respond to a request for comment. What she wants now is accountability and assurance that changes will be made to prevent such a breach from happening to other students. 'They're not admitting that this happened,' Sprague said. 'They're not putting any comfort or ease into our minds. They're just brushing it off.' Like Sprague, Maddie Malueg, 28, feels her time playing soccer in college left her vulnerable. Student-athletes spend so much time focused on their educations and sports with the 'assumption that the information that was provided to our universities would be protected,' said Malueg, a former goalkeeper for Radford University in Virginia. A spokesperson for Radford said that the university has had no communication from authorities in relation to the breach and that it hasn't contracted services from Keffer Development Services. The school added that it takes data privacy very seriously and 'will continue to monitor the national situation closely.' Malueg, who is in a dental residency at Ohio State University, said, 'They let us down, and that information actually wasn't protected securely.' She, too, wants accountability. All of the parties involved need to look at how to make sure it doesn't happen again, Malueg said. 'There's really not an excuse anymore,' she said. 'If you collect the data, you need to protect it.' CORRECTION (June 6, 2025, 4 p.m. ET): A previous version of this article misspelled the last name of a former Radford University goalkeeper. She is Maddie Malueg, not Maleung. This article was originally published on
CBS News
5 hours ago
- CBS News
University of Michigan accused of using undercover investigators to spy on pro-Palestinian students
There are new claims from University of Michigan students who say undercover investigators have been following and recording them due to their participation in pro-Palestinian protests on campus. The students claim this has been happening for at least the past year. CBS News Detroit spoke with one of those students who shot video of one of the alleged investigators, whom he claims the university contracted through its agreement with City Shield Security Services. Josiah Walker is entering his senior year at U of M, but he says his junior year, when he served on the executive board of now-banned SAFEUmich, was defined by fear and paranoia. That was when he said he found out he was being followed by undercover investigators, who he believes targeted him for protesting the war in Gaza. Walker says he kept seeing the same people in the same vehicles filming him and other protesters. He turned the camera around on this man who, in their first interaction in July 2024, allegedly claimed to have a disability, and in their second interaction two weeks later, claimed Walker was trying to rob him. "It was extraordinarily racist of this individual to do what he did, and it was extremely ableist to do what he did, and it was also extremely dangerous because a bystander could have intervened more violently," Walker said. The university didn't deny the surveillance accusations in a statement, and defense attorneys even planned on using the evidence in court when arguing several trespassing charges stemming from the pro-Palestinian encampment that was broken up in May 2024. Walker faced two trespassing charges that Michigan Attorney General Dana Nessel eventually dropped. "It shows exactly what we've been saying from the beginning, that there's an underlying bias against Palestinian advocacy and pro-Palestinian voices at the University of Michigan," said defense attorney Amir Makled. Walker claims these undercover agents were contracted with the university through a Detroit-based company called City Shield, and that business relationship is public on the university's website. Responding to Walker's video, the university said in a statement, "The University of Michigan does not tolerate behavior by employees or contractors that demeans individuals or communities, including those with disabilities. We are disturbed by the behavior displayed on the video and are taking appropriate next steps." Public records show the university spending hundreds of thousands of dollars on City Shield services between June and September 2024. Still, a university official told CBS News Detroit many of those dollars are going toward 24/7 security for university employees who've been subject to hate crimes at their homes, offices and businesses that pro-Palestinian groups have taken responsibility for. The officials said that money also goes toward hiring security for events and gatherings on campus. Most recently, pro-Palestinian activists are thought to be behind the damage and vandalism of hundreds of plants at the university's famed peony gardens. The university also claims it never use security resources to target individuals or groups based on their beliefs, but the official I spoke to who didn't want to go on camera says this is different because many of the members of these pro-Palestinian groups are also being investigated for criminal activity that happen to stem from their beliefs. CBS News Detroit reached out to City Shield for comment. The University of Michigan issued the following statement on the incidents: The safety and privacy of our students, faculty, staff, and visitors are of utmost importance to the University of Michigan. The University takes a layered approach to campus security and evaluates needs based on a range of factors, particularly during periods of heightened activity or concern. Security decisions are made solely to maintain a safe and secure environment and are never directed at individuals or groups based on their beliefs or affiliations. We do not comment on specific security tactics or operational details to preserve their effectiveness. The University of Michigan does not tolerate behavior by employees or contractors that demeans individuals or communities, including those with disabilities. We are disturbed by the behavior displayed on the video and are taking appropriate next steps. We ask anyone who witnesses or experiences inappropriate behavior by an employee or contractor to report it to DPSS or the Equity, Civil Rights, and Title IX Office. All complaints will be reviewed and addressed appropriately.
Yahoo
6 hours ago
- Yahoo
Texas Ag Commissioner Warns Of Agroterrorism Threat After Fungus Smuggling
Texas Agriculture Commissioner Sid Miller called for heightened vigilance following the arrest of two Chinese nationals charged with smuggling a dangerous fungus into the United States. 'I am deeply troubled by the recent allegations against two Chinese individuals for supposedly smuggling a dangerous agroterrorism agent into the United States, specifically a fungus that could cause significant damage to crops such as wheat, barley, maize, and rice,' Miller said in a news release on Friday. 'What's even more alarming is that one of the individuals reportedly has ties to the Chinese Communist Party. This raises serious questions about intent and highlights the real threats facing American agriculture and national security.' The suspects, Yunqing Jian, 33, and Zunyong Liu, 34, both citizens of the People's Republic of China, face felony charges, including conspiracy, smuggling goods, making false statements, and visa fraud, according to the U.S. Attorney's Office in Detroit, The Dallas Express reported on June 4. Court documents allege the pair smuggled Fusarium graminearum, a fungus known to cause 'head blight' in certain crops, through Detroit Metropolitan Airport, intending to research it at a University of Michigan lab. The fungus has caused billions in global crop losses and produces toxins harmful to humans and livestock, leading to symptoms like vomiting, liver damage, and reproductive issues. Miller emphasized the gravity of the threat, stating, 'Any effort to compromise our food supply or harm our agricultural commodities will be met with zero tolerance, and we are prepared to support any action that protects our producers and the integrity of our food system.' He praised the FBI, U.S. Customs and Border Protection, and other federal agencies under the Trump administration for their swift response, adding, 'We must continue to strengthen biosecurity protocols and protect our agricultural research institutions from foreign interference. Our food security is national security, and we will not let our guard down.' Authorities allege Jian, who worked in a University of Michigan science lab, received funding from the Chinese government for work related to the pathogen. Her electronic devices showed close ties to the Chinese Communist Party. Her boyfriend, Liu, allegedly admitted to smuggling the fungus to 'work on it' with Jian. 'The alleged actions of these Chinese nationals—including a loyal member of the Chinese Communist Party—are of the gravest national security concerns,' said Attorney Jerome F. Gorgon Jr. 'These two aliens have been charged with smuggling a fungus that has been described as a 'potential agroterrorism weapon' into the heartland of America.' Cheyvoryea Gibson, special agent in charge of the FBI Detroit Field Office, noted the exploitation of academic settings for illicit purposes, stating, 'These individuals exploited their access to laboratory facilities at a local university to engage in the smuggling of biological pathogens, an act that posed an imminent threat to public safety.' CBP's Director of Field Operations, Marty C. Raybon, underscored the need to protect agriculture, saying, 'Today's criminal charges levied upon Yunqing Jian and Zunyong Liu are indicative of CBP's critical role in protecting the American people from biological threats that could devastate our agricultural economy and cause harm to humans; especially when it involves a researcher from a major university attempting to clandestinely bring potentially harmful biological materials into the United States.' The investigation is ongoing.
