Baker University Data Breach Exposes Sensitive PII & PHI of 53K

Baker University, a private liberal arts institution in Baldwin City, Kansas, recently experienced a significant data breach that may affect the security of sensitive information belonging to at least 55,624 students, staff and other individuals affiliated with the university. The incident was first discovered in December 2024, when university officials noticed suspicious activity on certain systems, which ultimately resulted in a network outage. Immediate steps were taken to secure the environment and an investigation was launched to determine the scope and impact of the breach.

The investigation revealed that between Dec. 2, 2024, and Dec. 19, 2024, unauthorized individuals accessed and/or acquired files and folders within the university’s network. Through an extensive review, Baker University determined that a wide range of sensitive information was potentially compromised.

The types of information exposed varied by individual and included names, dates of birth, driver’s license numbers, financial account information, health insurance information, medical information, passport information, Social Security numbers, student identification numbers and tax identification numbers. This means both personally identifiable information (PII) and protected health information (PHI) were involved in the breach.

While the total number of affected individuals has not been publicly disclosed, regulatory filings indicate that at least 1,064 residents in Texas, 66 in Massachusetts, nine in New Hampshire, and at least five in Maine have been impacted so far. The breach was reported to the Attorney Generals' offices in Maine, Massachusetts, New Hampshire, Texas, Vermont and California beginning on Dec. 19, 2025.

Baker University has also posted a public notice on their website to inform all potentially affected parties.

Baker University's response

In direct response to the breach, Baker University reviewed and updated existing security policies and implemented additional technical measures to prevent similar incidents in the future. The incident was promptly reported to law enforcement and regulatory authorities as required by law. Baker University is offering complimentary credit monitoring and identity restoration services through IDX for up to 24 months.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Baker University or a company that does business with Baker University.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

Impacted individuals may contact Baker University about this data breach at 1-844-948-2042, Monday through Friday, 9 a.m. to 9 p.m. ET.