Columbia University recently experienced a significant cyberattack that compromised the personal information of more than 860,000 people, including students, applicants, and employees.

The incident began with an IT outage on June 24, which the university later disclosed was the result of unauthorized access by hackers. An official update on August 5 revealed that the attackers gained entry to sensitive data encompassing student and applicant records related to admissions, enrollment, and financial aid, as well as some employee personal details.

Exposed data includes contact information, Social Security numbers, demographic details, academic records, financial aid specifics, insurance data, and limited health-related information. Importantly, the university clarified that patient records at the Columbia University Irving Medical Center were not affected.

The university reported the breach to the Maine Attorney General’s Office, which mandates that organizations disclose the number of impacted individuals. According to this report, nearly 869,000 people have been affected by the breach.

Columbia University is actively notifying those impacted and offering affected individuals complimentary services including two years of credit monitoring, fraud consultation, and identity theft restoration.

While the exact nature of the attack remains under investigation, preliminary findings indicate the breach likely occurred around May 16. Although the circumstances suggest a possible ransomware incident, no known threat actor has claimed responsibility for the attack to date.

This breach highlights the ongoing cybersecurity challenges faced by higher education institutions and underscores the critical importance of robust data protection and incident response strategies in safeguarding sensitive personal information.

Source: https://www.securityweek.com/columbia-university-data-breach-impacts-860000