Columbia University has reported a significant data breach affecting nearly 870,000 individuals, including current and former students, employees, and applicants. An undisclosed threat actor gained access to the university’s network on May 16, 2025, leading to the theft of sensitive personal, financial, and health information.
Discovered during an outage affecting university systems on June 24, the breach was confirmed by the university following an investigation that included external cybersecurity experts’ support. This breach has raised serious concerns regarding the security measures employed by significant educational institutions.
According to notification letters filed with the office of Maine’s Attorney General on August 7, the breach impacts 868,969 individuals, encompassing employees, applicants, and family members of current and former students. This alarming figure underscores the widespread implications of the security flaw.
The university, in its official statement, indicated that the compromised data includes personal identifiers such as names, Social Security numbers, contact information, and demographic details, as well as academic history and health-related information. Despite the severity of the breach, the university has stated that there is no evidence of misuse regarding the stolen data. To aid those affected, Columbia University will provide two years of free credit monitoring and identity theft restoration services through Kroll.