Dordt University Data Breach Affects 34,251 People: SSNs Exposed

On June 19, 2025, Dordt University discovered a data security incident that resulted in unauthorized access to sensitive information belonging to tens of thousands of individuals. The breach, which affected a total of 34,251 people in the United States, was disclosed to the Maine Attorney General's office on July 11, 2025.

According to the university, the exposed data includes a range of personally identifiable information (PII) and protected health information (PHI): first and last names, dates of birth, account numbers, routing numbers, security codes, Social Security numbers, driver’s license numbers, usernames and passwords, health insurance information, and medical information.

The breadth of data exposed increases the risk for identity theft and financial fraud for those affected.

While the exact method of the breach has not been publicly detailed, the nature of the information accessed suggests a sophisticated intrusion into the university's data systems. The university notified consumers in writing on July 11, 2025, and posted a detailed notice on its website. For more information, individuals can review the official disclosure on the Maine Attorney General’s website and the university’s public notice.

Dordt University's response

In response to the breach, Dordt University has taken several steps to address the incident and protect those affected. The university promptly investigated the unauthorized access and worked to secure its systems to prevent further compromise. Written notifications were sent to all individuals whose information was involved, as required by law.

Given the types of information exposed—including Social Security numbers, financial account details, and health information—affected individuals are strongly encouraged to take proactive measures. These steps include monitoring financial accounts for suspicious activity, placing fraud alerts or credit freezes with major credit bureaus, and changing passwords for any accounts that may use the same credentials as those exposed. Additionally, individuals should be vigilant for phishing attempts or other suspicious communications that may reference the breach.

More information about the university is available on the Dordt University website.