A significant Columbia University data breach has exposed the sensitive information of nearly 869,000 individuals. The university confirmed the cyberattack, which was discovered in June after a network outage caused by an unauthorized party.
Scope of the Columbia University Data Breach
The Columbia breach exposed information for a vast number of people, including current and former students, employees, and applicants. According to a filing with the Maine Attorney General’s office, the threat actor claimed to have stolen approximately 460 gigabytes of data.
Compromised personal details include names, Social Security numbers, dates of birth, and driver’s license numbers. The stolen records also contained financial account numbers, health information, and student or employee ID numbers, impacting many Columbia University data breach victims.
Discovery and University Response
Columbia University discovered the security incident after a network outage in June. Investigators determined an unauthorized party had accessed its systems to steal sensitive data related to admissions, enrollment, and financial aid records.
The university confirmed that patient records from the Columbia University Irving Medical Center were not affected. Columbia has since reported the incident to law enforcement and is working with cybersecurity experts to strengthen its systems with new safeguards.
Columbia University Credit Monitoring Offer
In response to the attack, the university began mailing notification letters to affected individuals on August 7. The university is offering two years of complimentary credit monitoring, fraud consultation, and identity theft restoration services through TRANSUNION.
While there is no evidence that the stolen data has been misused, security experts note that criminals often wait months before exploiting such information. The investigation remains ongoing, and notifications will continue through the fall.
Recommendations for Affected Individuals
Officials advise individuals to remain vigilant against potential identity theft and fraud by reviewing their account statements and credit reports. Placing a fraud alert or credit freeze on one’s credit file is also recommended as a preventative measure.
Affected persons should be cautious of potential phishing emails or texts related to the breach. It is also advised to use strong, unique passwords for all online accounts, enable two-factor authentication, and use strong antivirus software.
