Hacker with ‘political agenda’ stole data from Columbia, university says

A hacktivist with a “political agenda” broke into Columbia University IT systems and stole “targeted” student data in recent weeks, a university official said Tuesday.

It is unclear how long the hacker was in university systems but a Columbia spokesperson said there has been no threat activity detected since June 24. Last week, the school said it was investigating a cyberattack and the university’s website and other systems were intermittently offline.

“Our investigation has indicated the hackers are highly sophisticated and were very targeted in their theft of documents,” the university official said. “They broke in and stole student data with the apparent goal of furthering their political agenda.”

The university has not received a demand for money or seen “any indication of ransomware,” the official said.

The hacker reportedly provided Bloomberg News with 1.6 gigabytes of data they claimed to have stolen from the university, including information from 2.5 million applications going back decades.

The stolen data the outlet reviewed reportedly contains details on whether applicants were rejected or accepted, their citizenship status, their university ID numbers and which academic programs they sought admission to.

While the hacker’s claims have not been independently verified, Bloomberg said it compared data provided by the hacker to that belonging to eight Columbia applicants seeking admission between 2019 and 2024 and found it matched.

The threat actor reportedly told Bloomberg he was seeking information that would indicate whether the university continues to use affirmative action in admissions despite a 2023 Supreme Court decision prohibiting the practice.

The hacker told Bloomberg he obtained 460 gigabytes of data in total — after spending two months targeting and penetrating increasingly privileged layers of the university’s servers — and said he harvested information about financial aid packages, employee pay and at least 1.8 million Social Security numbers belonging to employees, applicants, students and their family members. 

Bloomberg did not view the larger data set and it could not be independently verified.

A university spokesperson said they could not confirm Bloomberg’s reporting on the size of the hack while the investigation is ongoing.

The hacker stole data from a “limited portion of our network,” they said.

Once it became aware of the hack, Columbia recovered most systems quickly, the official said, adding the university has hired a “gold standard” cyber forensics firm to respond to the hack.

It could take months to determine what was stolen, they added. 

“We are investigating the scope of the apparent theft and will share our findings with the University community as well as anyone whose personal information was compromised,” a Columbia press release said. “We have not observed threat actor activity on our network since June 24 and will continue to monitor closely for further unlawful activity in our systems.”