The University of Hawaiʻi Cancer Center has confirmed that a major data breach has affected nearly 1.2 million people. The incident was linked to a ransomware attack targeting the center’s research systems. The breach was first detected in August 2025. After a detailed review, officials confirmed the scale of the exposure.
According to the university, the attackers gained unauthorized access to servers used by the epidemiology department. These systems stored research-related information rather than hospital treatment records. Clinical care services and ongoing medical trials were not disrupted. The impact was limited specifically to certain research databases.
Most of the exposed information came from the Multiethnic Cohort Study. This long-running study began in the 1990s to examine cancer risk factors among diverse communities. Participants were recruited between 1993 and 1996. At that time, personal identifiers were commonly collected for research management.
The compromised data may include Social Security numbers, driver’s license numbers, voter registration details, and other identifying information. Officials stated that not every affected person had all types of data exposed. However, up to approximately 1.24 million individuals may have been impacted. These details make the breach particularly serious due to identity theft risks.
Investigators found that the attackers both encrypted and exfiltrated files from the system. Exfiltration means the data was copied and taken outside the network. After discovering the intrusion, the university contacted law enforcement and cybersecurity specialists. Recovery efforts began immediately to regain control of the systems.
University officials reported that there is currently no evidence the stolen information has been publicly released. Even so, the institution is continuing to monitor the situation closely. Affected individuals are being notified through official communication. Complimentary credit monitoring and identity protection services are being offered.
The university explained that Social Security numbers were used in older research records because it was standard practice at the time. Today, those identifiers are no longer used in research data systems. Modern safeguards rely on more secure identification methods. A full cybersecurity review across the university system has also been initiated.
This incident highlights the risks research institutions face when storing long-term historical data. Even archived records can become targets for ransomware groups. University leadership has apologized and emphasized strengthening security measures. Efforts to enhance system protection and prevent future breaches are ongoing.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
