Columbia University Data Breach Affects Nearly 870,000 Individuals: Key Impacts and Insights
An unknown threat actor has breached Columbia University’s network, compromising the sensitive personal, financial, and health information of nearly 870,000 current and former students and employees. Established in 1767 as King’s College, Columbia University is a prestigious private Ivy League research institution with a budget of $6.6 billion for 2024, employing over 20,000 staff, including 4,700 academic personnel, and serving more than 35,000 students across 19 schools and special programmes. The breach was detected following a system outage on June 24, prompting an investigation with external cybersecurity experts. Notification letters filed with the office of Maine’s Attorney General on August 7 revealed that the breach affected 868,969 individuals, including employees, applicants, and family members. Columbia University confirmed that an unauthorised third party gained access to its network around May 16, 2025, and extracted certain files, although there is no evidence that any patient records from Columbia University Irving Medical Center were compromised.
The stolen data includes a range of sensitive information, such as names, dates of birth, Social Security numbers, and personal details provided during applications or studies. This encompasses contact information, demographic data, academic history, financial aid details, and health-related information shared with the university. While Columbia University has not found evidence of misuse of the stolen data for identity theft or fraud, it is offering two years of free credit monitoring, fraud consultation, and identity theft restoration services through Kroll to those affected. The incident highlights the increasing threat of cyberattacks, with malware targeting password stores surging threefold as attackers execute stealthy Perfect Heist scenarios to infiltrate critical systems.
Categories: Data Breach, Personal Information Theft, Cybersecurity Incident
Tags: Data Breach, Columbia University, Sensitive Information, Cybersecurity, Unauthorized Access, Personal Data, Financial Information, Health Information, Credit Monitoring, Identity Theft