Columbia University Data Breach Impacts Core Systems

On July 8, 2025, Columbia University discovered a significant data breach after experiencing a technical outage that disrupted certain IT systems on June 24, 2025. The university quickly activated its response process, working with external cybersecurity experts and notifying law enforcement. The investigation revealed that, on or about May 16, 2025, an unauthorized third party gained access to Columbia’s network and exfiltrated files containing sensitive information.

This breach is notable for its scale and the sensitivity of the data involved. According to official disclosures, a total of 868,969 individuals in the United States were affected. In Texas, 31,660 residents were impacted, in Washington, 11,521 residents were impacted, 1,572 in Iowa, 28,138 in Massachusetts, 686 in Montana and 2,026 in Maine.

The breach exposed a broad range of personally identifiable information (PII) and protected health information (PHI), including names, addresses, Social Security numbers, driver’s license numbers, financial information (such as account numbers, credit or debit card numbers, and financial aid-related information), academic history, contact details, date of birth, demographic information, medical information, health insurance details and insurance-related information.

Columbia University confirmed that, to date, there is no evidence that patient records from Columbia University Irving Medical Center were impacted. However, the nature of the compromised data means that those affected could face heightened risks of identity theft and fraud. The breach was reported to state authorities, including the California Attorney General, Maine Attorney General, Texas Attorney General, Washington Attorney General, Iowa Attorney General, Massachusetts Attorney General, Montana Attorney General and Vermont Attorney General between Aug. 7 and Aug. 8, 2025. Columbia University also posted a public statement about the incident.

Columbia University's response

In response to the breach, Columbia University implemented a series of safeguards across its systems to strengthen security and prevent similar incidents in the future. The university is continuing to evaluate and enhance its cybersecurity measures. While there is currently no evidence of identity theft or fraud linked to this incident, Columbia is providing affected individuals with two years of complimentary credit monitoring and identity restoration services through Kroll, a global risk mitigation and response provider.

Those impacted are encouraged to activate their credit monitoring services by visiting Kroll’s enrollment site using the instructions provided in the notification letter. The university has also established a dedicated call center at 866-819-7006, available Monday through Friday, 9 a.m. to 6:30 p.m. Eastern Time, to answer questions about the breach.

Given the nature of the data exposed—including Social Security numbers, financial information and health details—affected individuals should take extra precautions. It is advisable to regularly review account statements and credit reports for unauthorized or suspicious activity. Consumers can request free credit reports from the three major credit bureaus (Equifax, Experian and TransUnion) and consider placing a fraud alert or credit freeze on their files. Additional guidance is included in the university’s notification to consumers, which is available at the bottom of this article.

About Columbia University

Columbia University is a private Ivy League research university located in New York City. Founded in 1754 as King’s College, it is one of the oldest and most prestigious institutions of higher education in the United States. Columbia is known for its rigorous academics, influential alumni and a broad range of undergraduate and graduate programs. The university is structured into several schools, including Columbia College, the Fu Foundation School of Engineering and Applied Science, Barnard College and Columbia Business School.

Columbia is recognized for its Core Curriculum, which emphasizes a broad liberal arts education, and for its leadership in entrepreneurship, research and innovation. The university leverages its New York City location to provide students with unique opportunities and maintains a strong commitment to academic excellence and service to society. More information about the university can be found on the Columbia University website.