Columbia University, an Ivy League institution, suffered a major cyberattack in June 2025 that led to a network outage and unauthorized access to its systems. The breach compromised personal, financial, and health-related data of 869,000 individuals, including current/former students, employees, applicants, and some family members. The stolen data (totaling 460GB) included names, dates of birth, Social Security numbers, contact details, academic/financial aid records, insurance details, and health information. While Columbia University Irving Medical Center’s patient records were unaffected, the exposed data poses severe risks of identity theft, fraud, and long-term exploitation. The university reported the incident to law enforcement, implemented enhanced cybersecurity measures, and offered two years of free credit monitoring and identity theft restoration to victims. Investigators are still assessing the full scope, but criminals often delay misuse of stolen data for months.
Source: https://www.foxnews.com/tech/columbia-university-data-breach-hits-870000-people
TPRM report: https://www.rankiteo.com/company/columbia-university-facilities-operations
"id": "col3792437090725",
"linkid": "columbia-university-facilities-operations",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '869,000 (students, employees, '
'applicants, family members)',
'industry': 'Higher Education',
'location': 'New York, USA',
'name': 'Columbia University',
'size': 'Large (Ivy League; ~869,000 individuals '
'affected)',
'type': 'Educational Institution'}],
'customer_advisories': ['Two years of complimentary credit monitoring',
'Fraud consultation and identity theft restoration '
'services offered',
'Guidance on protective measures (e.g., credit '
'freezes, phishing awareness)'],
'data_breach': {'data_exfiltration': 'Confirmed (~460 GB stolen)',
'number_of_records_exposed': '869,000 individuals',
'personally_identifiable_information': 'Yes (names, SSNs, '
'dates of birth, '
'contact details)',
'sensitivity_of_data': 'High (SSNs, financial, health, and '
'academic records)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Financial Data',
'Health-Related Information',
'Academic Records',
'Employee Data']},
'date_detected': '2025-06',
'date_publicly_disclosed': '2025-06-24',
'description': 'Columbia University confirmed a major cyberattack that '
'compromised personal, financial, and health-related '
'information tied to current/former students, employees, and '
'applicants. The breach was discovered after a network outage '
'in June 2025, with nearly 869,000 individuals affected. The '
'threat actor claimed to have stolen ~460 GB of data, '
'including admissions, enrollment, financial aid, and employee '
'records. The university is offering credit monitoring and '
'identity theft restoration services while working with law '
'enforcement and cybersecurity experts to mitigate risks.',
'impact': {'brand_reputation_impact': 'High (Ivy League institution; '
'sensitive data exposed)',
'data_compromised': ['Names',
'Dates of birth',
'Social Security numbers',
'Contact details',
'Demographic information',
'Academic history',
'Financial aid records',
'Insurance details',
'Health information (non-medical center '
'records)'],
'downtime': 'Network outage (duration unspecified)',
'identity_theft_risk': 'High (SSNs, financial, and health data '
'exposed)',
'operational_impact': 'Ongoing investigation; notifications '
'rolling out since 2025-08-07'},
'initial_access_broker': {'data_sold_on_dark_web': 'Not confirmed (risk '
'remains high)',
'high_value_targets': ['Admissions records',
'Financial aid records',
'Employee data']},
'investigation_status': 'Ongoing (scope of theft still being assessed; no '
'evidence of data misuse yet)',
'post_incident_analysis': {'corrective_actions': ['Strengthened systems with '
'new safeguards',
'Enhanced protocols '
'implemented',
'Credit monitoring and '
'identity theft services '
'offered to victims']},
'ransomware': {'data_exfiltration': 'Yes (~460 GB)'},
'recommendations': ['Monitor credit reports via AnnualCreditReport.com',
'Use personal data removal services to scrub exposed '
'information',
'Set up fraud alerts/credit freezes',
'Use strong, unique passwords and a password manager',
'Enable two-factor authentication (2FA)',
'Beware of phishing attempts; verify messages before '
'clicking links',
'Install antivirus software on all devices',
'Consider identity theft protection services beyond the '
'free credit monitoring offered'],
'references': [{'date_accessed': '2025',
'source': 'Fox News (CyberGuy Report)',
'url': 'https://www.foxnews.com/tech/columbia-university-cyberattack-data-breach'},
{'date_accessed': '2025',
'source': "Maine Attorney General's Office (Breach "
'Notification)'},
{'date_accessed': '2025-06-24 and 2025-08-05',
'source': 'Columbia University Community Updates'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's office "
'(breach notification '
'filed)'},
'response': {'communication_strategy': 'Rolling notifications via mail '
'(started 2025-08-07); community '
'updates (2025-06-24, 2025-08-05)',
'enhanced_monitoring': 'Yes (implemented post-breach)',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'remediation_measures': 'Strengthened systems with new '
'safeguards and enhanced protocols',
'third_party_assistance': 'Cybersecurity experts engaged'},
'stakeholder_advisories': 'Rolling mail notifications (started 2025-08-07); '
'community updates published',
'title': 'Columbia University Cyberattack and Data Breach',
'type': ['Data Breach', 'Unauthorized Access']}