Baker University Suffers Major Data Breach, Exposing Sensitive Personal and Health Information
Baker University, a private liberal arts institution in Baldwin City, Kansas, disclosed a significant data breach that compromised sensitive information belonging to students, staff, and affiliated individuals. The incident was detected in December 2024 after suspicious activity triggered a network outage, prompting an immediate investigation.
Between December 2 and December 19, 2024, unauthorized actors accessed and exfiltrated files containing a broad range of personal data. The exposed information included names, dates of birth, driver’s license numbers, financial account details, health insurance records, medical information, passport numbers, Social Security numbers, student IDs, and tax identification numbers—affecting both personally identifiable information (PII) and protected health information (PHI).
While the total number of impacted individuals remains undisclosed, regulatory filings confirm that at least 66 Massachusetts residents were affected. The breach was reported to the Attorney Generals’ offices in Massachusetts and California on December 19, 2025, and a public notice was posted on the university’s website.
In response, Baker University secured its systems, engaged cybersecurity experts, and implemented enhanced security measures. The incident was reported to law enforcement, and affected individuals are being offered complimentary credit monitoring and identity restoration services through IDX for 24 months, with an enrollment deadline of March 19, 2026. A dedicated helpline has been established for inquiries.
Source: https://www.claimdepot.com/data-breach/baker-university-2025
Baker University cybersecurity rating report: https://www.rankiteo.com/company/baker-university
"id": "BAK1766188565",
"linkid": "baker-university",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students, staff, and affiliated '
'individuals (at least 66 '
'Massachusetts residents)',
'industry': 'Education',
'location': 'Baldwin City, Kansas, USA',
'name': 'Baker University',
'type': 'Educational Institution'}],
'customer_advisories': 'Instructions for enrolling in credit monitoring and '
'identity restoration services through IDX',
'data_breach': {'data_exfiltration': 'Potential',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Driver’s license numbers',
'Financial account information',
'Health insurance information',
'Medical information',
'Passport information',
'Social Security numbers',
'Student identification numbers',
'Tax identification numbers']},
'date_detected': '2024-12',
'date_publicly_disclosed': '2024-12-19',
'description': 'Baker University experienced a significant data breach '
'affecting sensitive information of students, staff, and other '
'affiliated individuals. Unauthorized access to files and '
'folders within the university’s network occurred between '
'December 2, 2024, and December 19, 2024, leading to the '
'exposure of personally identifiable information (PII) and '
'protected health information (PHI).',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'downtime': 'Network outage',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'University network systems'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Updated security policies '
'and implemented additional '
'technical measures'},
'recommendations': ['Review notices from Baker University or affiliated '
'companies',
'Monitor financial accounts and credit reports for signs '
'of identity theft',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information'],
'references': [{'source': 'Baker University Public Notice'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General',
'California Attorney '
'General']},
'response': {'communication_strategy': 'Public notice on website, regulatory '
'filings, and direct communication '
'with affected individuals',
'containment_measures': 'Secured network environment',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'remediation_measures': 'Updated security policies and '
'implemented additional technical '
'measures',
'third_party_assistance': 'Cybersecurity professionals'},
'title': 'Baker University Data Breach',
'type': 'Data Breach'}