Monroe University said in a data breach notification filed with the Office of the Maine Attorney General that a December 2024 cyberattack exposed personal, financial, and health information for 320,973 people.
KEY FACTS
- Incident Network access from December 9 to December 23, 2024
- Impact 320,973 individuals affected
- Data Personal, financial, and medical information may have been stolen
- Response Notifications mailed January 2 and one year of credit monitoring offered
Attackers had access to the university network for two weeks in December 2024. A review of the stolen documents in September 2025 produced the total number of affected individuals.
The university’s disclosure says the type of information varied by person and may have included name, date of birth, Social Security number, driver or passport numbers, medical and health insurance information, electronic account or email usernames and passwords, and financial account information.
Breach notification letters began mailing on January 2 to those whose data was stolen. Affected individuals are being offered one year of free credit monitoring through Cyberscout to alert them to changes to their credit files.
The institution enrolls more than 9,000 students across campuses in New York and Saint Lucia. The school was previously targeted in a ransomware attack when it was known as Monroe College.
WHY IT MATTERS
The exposure of Social Security numbers, financial account details, and medical information increases the risk of identity theft and financial fraud. Affected people were advised to monitor credit reports and account statements while the one year of monitoring is in effect.