Monroe University Confirms Massive Data Breach Affecting 320,000 Individuals
Monroe University disclosed a significant data breach in which threat actors stole sensitive personal, financial, and health information belonging to over 320,000 individuals. The attack occurred in December 2024, with attackers maintaining access to the university’s systems for two weeks from December 9 to December 23.
The breach was confirmed in September 2025 after a review of the stolen files revealed compromised data, including names, dates of birth, Social Security numbers, driver’s license and passport details, medical records, health insurance information, financial account data, and student records. The university began notifying affected individuals on January 2, 2025, urging them to monitor their credit reports and account activity for signs of fraud. As part of the response, Monroe University offered one year of free credit monitoring through Cyberscout.
This is not the first cybersecurity incident for the institution, which was previously targeted in a 2019 ransomware attack when it operated as Monroe College. At the time, attackers demanded 170 bitcoins (approximately $2 million) for decryption.
The breach at Monroe University is part of a broader trend of cyberattacks targeting U.S. higher education institutions. In recent months, the University of Hawaii’s Cancer Center reported a ransomware attack in August 2025, while Baker University disclosed a 2024 breach affecting over 53,000 individuals. Additionally, Harvard, Princeton, and the University of Pennsylvania fell victim to voice phishing attacks starting in October 2024, resulting in the theft of donor, staff, student, and alumni data. The Clop ransomware gang also exploited vulnerabilities in Oracle E-Business Suite platforms at Harvard and the University of Pennsylvania, stealing personal and financial information.
Monroe University TPRM report: https://www.rankiteo.com/company/monroe-college
Baker University TPRM report: https://www.rankiteo.com/company/bakerinstitute
"id": "monbak1768386731",
"linkid": "monroe-college, bakerinstitute",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '320,973 individuals',
'industry': 'Education',
'location': 'New York (Bronx and New Rochelle), Saint '
'Lucia',
'name': 'Monroe University',
'size': 'Over 9,000 students annually',
'type': 'Educational Institution'}],
'customer_advisories': 'Breach notifications mailed on January 2, 2025 with '
'credit monitoring offer',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '320,973',
'personally_identifiable_information': ['Name',
'Date of birth',
'Social Security '
'number',
"Driver's license "
'number',
'Passport number',
'Government '
'identification '
'number',
'Medical information',
'Health insurance '
'information',
'Electronic account '
'or email username '
'and password',
'Financial account '
'information',
'Student data'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'Financial information',
'Health information']},
'date_detected': '2024-12-23',
'date_publicly_disclosed': '2025-09-30',
'description': 'Monroe University revealed that threat actors stole the '
'personal, financial, and health information of over 320,000 '
'people after breaching its systems in a December 2024 '
'cyberattack.',
'impact': {'data_compromised': 'Personal, financial, and health information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Completed (data review finished on September 30, '
'2025)',
'recommendations': 'Monitor credit reports and account statements for signs '
'of fraud or identity theft; enroll in free credit '
'monitoring services',
'references': [{'source': 'BleepingComputer'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed with the Office '
'of the Maine Attorney '
'General'},
'response': {'communication_strategy': 'Breach notifications mailed on '
'January 2, 2025',
'third_party_assistance': 'Cyberscout (credit monitoring '
'services)'},
'title': 'Monroe University Data Breach',
'type': 'Data Breach'}