- Columbia University Form with the Office of the Attorney General of Maine
- Confirmed the number of victims and the type of stolen data
- Victims are offered free credit and identity robbery monitoring services
A massive cybercormer that affects almost 870,000 students from Columbia University, employees and other people occurred in May 2025, the University confirmed.
In a new presentation before Maine’s office, the university said at the end of June 2025 that it experienced an interruption in its IT systems, which caused an investigation with the support of experts in third -party cybersecurity and forensics.
The investigation confirmed that the interruption was the result of a cyber attack, in which the perpetrators not yet identified stole confidential data on exactly 868,969 people, including employees, applicants, students (both current and previous) and several family members.
460 GB of data taken
“Our research determined that, around May 16, 2025, an unauthorized third party obtained access to the Columbia Network and subsequently took certain archives of our system,” said Columbia University.
“To date, we have no evidence that the patient records of the Irving Medical Center of Columbia would be affected.”
Recently, the University began notifying the affected people through letters that detailed the type of stolen information in the violation:
“The affected data included their name, date of birth and social security number, as well as any personal information he provided in relation to his application to Columbia, or that we collect during his studies if he registered,” said the university apparently.
“This included its contact data, demographic information, academic history, information related to financial aid and any information related to health insurance and information that it shared with us.”
Some attackers confirmed the violation and claimed to have stolen 460 GB of data. Until now, there is no evidence that the data were abused in nature, but Columbia University will provide the victims for two years of free credit monitoring, fraud consultation and identity robbery protection services, through Kroll, independently.
How to stay safe
While victims directly cannot do much about stolen data, they can make sure the attackers do not use them against them. The best course of action is to remain attentive to incoming communications, especially those who claim to come from the University of Columbia.
The emails not requested, instant messages or telephone calls, particularly those that “threaten” to finish accounts or prevent services, are probably false.
If you suspect that you are being white, the best course of action is to stop all communication and then communicate directly with Columbia University, through tested channels.
Through Bleepingcomputer
