A significant data breach has impacted Lincoln University of Missouri, a historically Black university in Jefferson City, resulting in the exposure of sensitive information belonging to current and former employees, students and applicants.
The incident was first discovered on Oct. 3, 2024, when the university identified a disruption to its computer network.
According to Lincoln University’s data breach disclosure, the compromised data includes a range of personally identifiable information (PII): Social Security numbers, dates of birth, driver’s license or state identification card numbers, first and last names, individual taxpayer identification numbers, passport numbers and student identification numbers.
Reports from the dark web indicate that the stolen data set also contains medical documents, personal data, and student and employee contact information. While the presence of medical documents raises the possibility of protected health information (PHI) exposure, the university’s public disclosures have not detailed the extent of any PHI involved.
The FOG ransomware group claimed responsibility for the attack and posted about the breach on the dark web, via the Tor network, stating they had obtained 10 GB of the organization's data.
After the initial network disruption, Lincoln University worked with cybersecurity professionals to determine the scope of the incident. By May 2, 2025, the university confirmed that personal information was among the data accessed by the attackers.
Lincoln University took immediate steps to secure its network and engaged external cyber incident response experts to investigate the breach. Federal law enforcement was also notified. The university has reviewed and is enhancing its existing security policies and protections to address evolving threats and prevent similar incidents in the future.
As of this writing, there is no evidence that the stolen personal information has been misused. However, out of an abundance of caution, Lincoln University is offering twelve months of complimentary credit monitoring and identity protection services to individuals whose information was involved. Those who believe they may have been affected can contact a dedicated call center operated by HaystackID at 888-844-1265, available Monday through Friday from 8 am to 6 pm and Saturday from 9 am to 3 pm Pacific time, excluding U.S. national holidays.
Given the nature of the breach and the types of information compromised, affected individuals are encouraged to take the following steps: