Columbia University data breach impacts 870,000 students and applicants.
A significant cyberattack on Columbia University has raised serious concerns over the security of sensitive personal information, affecting approximately 870,000 individuals, including students, applicants, and employees. The breach, which compromised Social Security numbers, health data, and other confidential information, was revealed by university officials as investigations continue into the nature of the incident.
The attack, which occurred in late June 2025, resulted in widespread disruption, leaving Columbia’s students locked out of their email accounts and various online platforms due to a technical outage related to user authentication services. In response, the university launched a thorough investigation and subsequently discovered that the unauthorized access had led to the exposure of information tied to admissions, enrollment, and financial aid processes. This also included detailed records of applicants, demographic data, and academic histories.
Despite the extensive data breach, health records from the Columbia University Irving Medical Center appear to remain secure, as officials have indicated that no patient information was compromised during the incident.
The breadth of the breach was first reported by Bloomberg News and later confirmed through data breach notifications submitted by Columbia to state governments. In the wake of the attack, the university has begun reaching out to those affected, offering two years of complimentary credit monitoring to mitigate potential risks stemming from the exposure of their personal information. University officials have emphasized their commitment to enhancing cybersecurity measures to prevent future incidents.
While Columbia’s statement did not disclose a clear motive behind the attack, an individual purporting to be the hacker suggested that their intentions were politically motivated, aimed at revealing alleged race-based admissions practices at the university following a significant Supreme Court ruling in 2023 that eliminated affirmative action in college admissions. Columbia maintains that its admissions policies are in full compliance with legal standards.
Notably, some of the breached data was shared with media outlets, highlighting instances of misidentification within applicant demographics. This data included information about Zohran Mamdani, a Democratic mayoral nominee, whose application to Columbia was denied despite his classification as both Asian and Black based on his racial background.
In a further development related to the aftermath of the breach, Columbia has agreed to provide admissions data disaggregated by race, academic performance, and test scores as part of a settlement that aligns with broader federal initiatives targeting discrimination in academic environments. This decision comes amid increasing scrutiny on colleges nationwide regarding their admissions practices, particularly following the contentious overturning of longstanding affirmative action policies.
As the situation unfolds, Columbia University continues to confront the implications of this security breach, navigating the challenges of protecting its community’s data while adhering to evolving legal and societal standards.
