A breach at Yale University that could have compromised data on 119,000 alumni, faculty and staff raises lessons for other universities and other complex organizations, reminding them of the risks associated with data security.

Yale discovered the breach this past summer, and personal information was possibly compromised between April 2008 and January 2009, according to a class action lawsuit filed in U.S. District Court for the District of Connecticut. The breach involved names, Social Security numbers, dates of birth, email addresses and physical addresses, according to a report from the Connecticut Law Tribune. Yale, the lawsuit maintains, also “improperly retained personal information.” The lawsuit was filed on behalf of Andrew Mason, who attended a summer program at Yale during 2005, following an earlier lawsuit filed by another former student in response to the breach.