Monroe University Data Breach Affects 320k Exposing Social Security Numbers

Bronx-based Monroe University recently disclosed a data breach following a hack of their systems.

The breach occurred after an unauthorized third party gained access to certain Monroe University computer systems between Dec. 9, 2024, and Dec. 23, 2024. During this time, the attacker acquired copies of files from the university’s network.

The university completed its review of the affected files on Sept. 30, 2025, confirming the scope and types of information exposed. Both personally identifiable information (PII) and protected health information (PHI) were involved.

According to a notice on their website, the compromised data included a range of sensitive information: names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, government identification numbers, medical information, health insurance information, electronic account or email usernames and passwords, financial account information, and student data.

The event was publicly disclosed and reported to the attorney general state offices of Maine and California on Jan. 13, 2026. According to the disclosure, 320,973 individuals across the United States were affected, including 85 residents of Maine.

On Jan. 14, 2026, the Vermont Attorney General's Office disclosed the breach. On the same day, Massachusetts Attorney General Office of Consumer Affairs and Business Regulation and the Texas Attorney General's Office disclosed that 875 residents and 3,075 residents were affected, respectively.

Monroe University's response

In response to the breach, Monroe University launched an investigation with the help of cybersecurity experts to determine the extent of the attack and contain further risks.

The university began mailing written notifications to affected individuals on Jan. 2, 2026.

For those whose information was compromised, Monroe University is offering a complimentary, one-year membership to Triple Bureau Credit Monitoring services through Cyberscout, a TransUnion company. This service provides alerts for changes to credit files at Experian, Equifax, and TransUnion, as well as proactive fraud assistance.

Individuals affected by the breach are encouraged to enroll in the offered credit monitoring service within 90 days of notification. The university recommends that everyone remain vigilant by reviewing account statements, monitoring credit reports, and reporting any suspicious activity to financial institutions and law enforcement.