Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Columbia University data breach impacted 868,969 people

Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees. Columbia University suffered a cyberattack that exposed the personal data of students, applicants, and employees. According to the data breach notification sent to the Maine Attorney’s General Office, the incident impacted 868,969 people. The organization quickly notified law enforcement. […]

Columbia University

Source Admissionsight.com

Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees.

Columbia University suffered a cyberattack that exposed the personal data of students, applicants, and employees. According to the data breach notification sent to the Maine Attorney’s General Office, the incident impacted 868,969 people. The organization quickly notified law enforcement.

A recent technical outage affecting parts of the university’s IT systems was found to be caused by unauthorized access. The University investigated the incident with the help of external cybersecurity experts and discovered that an attacker may have stolen data from a limited portion of the network. Operations have since been restored, and no malicious activity has been observed since June 24. Columbia University is still investigating the security breach and starting August 7 it will notify the community and any individuals whose personal data may have been compromised.

“Last week, we reported a technical outage that disrupted certain parts of our IT systems.” reads the statement published by the University. “We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party.”

On August 5, Columbia University confirmed that threat actors accessed data on students and applicants, including admissions, enrollment, and financial aid files, as well as some employee personal information. The university added that they have no evidence of unauthorized access to its systems since June 24, 2025.

The exposed information includes Social Security numbers, contact details, demographic information, academic history, financial aid-related information, insurance-related information, and certain health information. To date, the university believes that any Columbia University Irving Medical Center patient records were affected.

The university did not share details about the attack, but observed effects suggest that it may have been targeted in a ransomware attack. At this time, not ransomware group claimed responsibility for the attack.

Columbia University is offering two years of free credit monitoring and identity protection services to the impacted individuals. All community members are urged to stay vigilant. The university has also strengthened its systems with enhanced security measures to help prevent future incidents and remains committed to improving its cybersecurity defenses.

“We recognize the concern this matter may have raised and appreciate your ongoing patience during this challenging time. Please know we are committed to supporting the University community. You can continue to rely on official University communications for updates.” concludes a new statement published on August 5, 2025. “Also, please be aware that following a cybersecurity incident such as this, scammers may reach out offering fraudulent services.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)