New York University Data Breach Affects Millions

Published

June 10, 2025

Updated

July 30, 2025

New York University

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On March 22, 2025, New York University (NYU) experienced a major cybersecurity incident that affected millions of individuals. According to official disclosures, an unauthorized actor gained access to NYU’s IT systems and took control of the systems that direct web traffic to the university’s website.

For approximately three hours, visitors to www.nyu.edu were redirected to a webpage posted by the attacker on GitHub, which linked to files that included the personal information of over three million applicants and students. According to news reports, the hacker revealed detailed applicant information, including test scores, GPAs, and more.

The breach was disclosed to the California and Massachusetts Attorney Generals' offices on June 9, 2025 and the Texas Attorney General's office on June 10, 2025, reporting 32,255 Texas and 27,145 Massachusetts residents affected. NYU published a message about the incident on its own website on March 27, 2025.

Exposed information has been identified as personally identifiable information (PII) and includes names, Social Security numbers and other admissions data. The incident has been linked to the same actor responsible for a similar breach at the University of Minnesota.

New York University’s response

NYU responded to the cybersecurity incident by working with a cybersecurity specialist to regain control of its systems and redirect web traffic back to the legitimate NYU website. The unauthorized webpage was taken down, and law enforcement authorities were notified.

The communication posted on the NYU website states that a review is taking place, and impacted individuals will be notified as soon as the investigation is complete.

If you believe your personal information was compromised in the NYU hacking incident, you can take the following steps:

Carefully review any notice or communication you receive from New York University.
Monitor financial accounts and credit reports for signs of identity theft.
Consider placing fraud alerts or credit freezes with major credit bureaus.
Be cautious of unsolicited emails or phone calls requesting personal information.

NYU has set up a dedicated hotline at 855-754-9725 for individuals with questions or concerns about the incident.

For more information about New York University, visit NYU’s official website.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.