Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data

Columbia University has disclosed a major cybersecurity incident where an unauthorized third party accessed and extracted a significant volume of personal and financial data.

The breach, which affects a vast number of individuals connected to the university, was discovered following a technical outage in late June.

According to a notice sent by the university, the incident was first identified on June 24, 2025, after certain IT systems were disrupted.

An investigation, launched with the help of external cybersecurity experts, revealed that an unauthorized party had gained access to Columbia’s network on or around May 16, 2025, and subsequently stole certain files. The university has since reported the incident to law enforcement.

Columbia University Data Breach

The compromised information is extensive and includes names, dates of birth, and Social Security numbers. For current and prospective students, the stolen data could also encompass contact details, demographic information, academic records, financial aid applications, and any insurance or health information shared with the university.

Columbia has stated that, to date, there is no evidence that patient records from the Columbia University Irving Medical Center were affected by the breach.

While the university has not officially confirmed the total number of affected individuals in its public statements, the scope of the breach is significant. A notice to the Rhode Island Attorney General mentioned that approximately 2,510 residents of that state alone may be impacted.

In response to the breach, Columbia University is taking steps to enhance its system security to prevent future occurrences. The university is offering two years of complimentary credit monitoring and identity restoration services through Kroll, a risk mitigation firm.

Affected individuals are encouraged to enroll in these services and to remain vigilant by regularly reviewing their financial statements and credit reports for any suspicious activity.

Columbia has established a dedicated call center to handle inquiries regarding the incident. The university has also provided guidance on how individuals can protect themselves, including placing fraud alerts or credit freezes with the major credit reporting bureaus Equifax, Experian, and TransUnion. Under U.S. law, consumers are entitled to a free credit report annually from each of these agencies.

Equip your SOC with full access to the latest threat data from ANY.RUN TI Lookup that can Improve incident response -> Get 14-day Free Trial