Columbia University says hacker stole SSNs and other data of nearly 900,000

A cyberattack in June on Columbia University allowed hackers to access the sensitive personal information of more than 860,000 people.

The university filed breach notification documents with regulators in Maine and California, warning that the incident exposed Social Security numbers and any information submitted as part of college applications or collected while in attendance at the school.

Contact details, demographic information, academic history, financial aid information, health insurance information and more were accessed by the hackers. Columbia said 868,969 people were affected.

The incident was discovered on June 24 when the university had a tech outage that disrupted significant parts of its IT systems. 

An investigation discovered that the hackers breached systems on May 16 and were able to siphon data from the school. No patient records were taken from Columbia University Irving Medical Center, according to the breach letters. 

The university is offering those affected two years of free credit monitoring services. 

The incident caused widespread issues for Columbia students, who could not access email accounts and platforms for assignments. Some took to social media to share images of digital signs on campus that were taken over and defaced with images of President Donald Trump. 

Two weeks after the hack, Columbia said a hacktivist with a “political agenda” broke into the school’s IT systems and stole “targeted” student data.

“Our investigation has indicated the hackers are highly sophisticated and were very targeted in their theft of documents,” the university official said on July 2. “They broke in and stole student data with the apparent goal of furthering their political agenda.”

The hacker — who also has allegedly breached systems at New York University and the University of Minnesota — has claimed the attacks are in response to the Supreme Court decision in 2023 striking down affirmative action and said his goal is to prove that schools are not abiding by the ruling by continuing to admit any Black and Latino students.

After the Columbia incident, the hacker reportedly provided tranches of the data to Bloomberg News and The New York Times — both of which ran controversial stories based on the stolen information.