Brigham Young University experienced a data breach affecting the personal information of 25,136 individuals in the United States. The educational organization detected unauthorized network access involving a vendor’s account, which occurred on or about June 17, 2025.
An unauthorized actor had access to the BYU files for several days until June 24, 2025. The breach exposed a wide range of personally identifiable information (PII), including name, Social Security number (if provided), account ID (but not password), contact information such as address and phone number, gender, marital status, religious affiliation (if provided), age and records of educational courses.
Brigham Young University began notifying affected current and former students on July 14, 2025. The data breach was also disclosed to the Maine, Massachusetts, Texas, and California Attorneys Generals' offices on July 18, 2025. Affected individuals include 62 Massachusetts residents and 26 Maine residents.
In addition to required state and federal disclosures, BYU-Pathway Worldwide is offering free credit monitoring services to impacted individuals.
If you receive notification from Brigham Young University about this breach, you may want to:
For more details about the university, visit the BYU-Pathway Worldwide website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.