- Columbia University Files are formed with Maine Attorney General’s Office
- It confirmed the number of victims and the type of stolen data
- Victims offered free monitoring services for credit and identity theft
A massive cyberincident affecting nearly 870,000 students in Columbia University, staff and other persons occurred in May 2025, the university has confirmed.
In a new filing in the Maine Attorney Office, the university said at the end of June 2025 that it experienced a power outage in the IT systems, which received a study with the support of third-party cyber security and forensic experts.
The study confirmed that the power interruption was the result of a cyber attack in which unidentified perpetrators stole sensitive data on exactly 868,969 people, including staff, applicants, students (both current and past) and various family members.
460 GB of data taken
“Our study determined that on May 16, 2025, an unauthorized third party gained access to Columbia’s network and subsequently took certain files from our system,” Columbia University said.
“To date, we have no evidence that any Columbia University Irving Medical Center -Patient Journals were affected.”
The university recently began notifying affected persons via letters that detailed the type of information stolen in the violation:
“The data affected included your name, date of birth and social security number, and any personal information that you provided in connection with your application to Columbia or that we collected during your studies if you signed up,” the university apparently said.
“This included your contact information, demographic information, academic history, financially aid -related information and any insurance -related information and health information that you shared with us.”
Some attackers confirmed the violation and claimed to have stolen 460 GB of data. So far, there is no evidence that the data was abused in nature, but Columbia University will give the victims two years of free credit surveillance, consultation of fraud and identity theft, through Kroll, regardless.
How to remain safe
While the victims cannot do much about the stolen data, they can make sure that attackers do not use them against them. The best course of action is to remain vigilant with inbound communication, especially those who claim to come from Columbia University.
Unsolicited E emails, instant messages or phone calls, especially those who “threaten” to terminate accounts or otherwise prevent services, are probably false.
If you suspect you are being targeted, the best course of action is to stop all communication and then reach out to Columbia University directly through well -tested channels.
Via Bleeping computer
