Columbia University has confirmed a major data breach that impacted nearly 870,000 people. Those affected include current and former students, job applicants, staff members, and even some of their family members. The incident is one of the largest security breaches reported by a U.S. university in recent years.
The first signs of trouble appeared on June 24, when Columbia’s systems went offline. Students and staff suddenly lost access to email, learning platforms, and other online services. At the time, it looked like a technical outage, but an internal investigation later revealed it was caused by a cyberattack.
According to official statements, the attackers first gained access to Columbia’s network around May 16, 2025. During this period, they stole large amounts of data from the system. Reports suggest that the stolen files total around 460 gigabytes, containing sensitive academic and personal records.
The compromised information includes bank account and routing numbers, scholarship and loan details, test scores, GPAs, class schedules, home addresses, and contact information. Some of the affected records date back decades, with alumni from as far back as the 1990s confirming their details are part of the breach.
Columbia has said there is no indication that patient records from its medical center were involved. The stolen files appear to be related mainly to academic and administrative records rather than healthcare information.
While the identity of the attacker has not been confirmed, reports suggest the breach may have been politically motivated. The hacker has been described as a “hacktivist,” indicating the attack might have been driven by ideology rather than money.
On August 7, Columbia began mailing formal notices to those affected. These letters explain the nature of the breach, outline what information was exposed, and provide guidance on what steps recipients can take to protect themselves.
To help reduce the impact, the university is offering two years of free services through the security firm Kroll. These include credit monitoring, fraud consultation, and identity theft restoration. This support is meant to help people spot suspicious activity early and respond quickly if their data is misused.
The incident has already led to legal action. A proposed class-action lawsuit claims Columbia failed to protect sensitive data and did not take reasonable security measures to prevent such an attack. The case could have serious consequences for the university.
Cybersecurity experts are urging anyone connected to Columbia to take precautions. This includes monitoring bank and credit accounts, changing passwords, enabling two-factor authentication, and being alert for phishing attempts that might use stolen details to trick victims.
Columbia says it is still investigating the breach with the help of cybersecurity specialists and law enforcement. The university also plans to strengthen its security systems to prevent similar incidents in the future. More details are expected as the investigation continues.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
