Indiana University breach exposed nearly 250K user records


Attackers posted a Indiana University (IU) database containing hundreds of thousands of records, including user emails and full names.

The database was posted on a leak forum, a website that cybercrooks use to share stolen data. The Cybernews research team has confirmed the database contains nearly 250K records.

“On Tuesday 4th July, the Indiana University [iu.edu] suffered a data breach that exposed over 248,300 records. The exposed data includes email addresses and full names,” the post’s author said.

The data sample provided on the forum claims that the attackers got their hands on users' full names and email addresses. Most of the emails seem to belong to Indiana University, which indicates that the data either belongs to the school’s students, staff, or both. Some entries in the dataset are marked “2023,” indicating that the details are fresh.

Indiana forum
Post on a leak site. Image by Cybernews.

We contacted Indiana University for comment but did not receive a reply before publishing.

While the never-ending stream of data breaches can cause fatigue, the dangers of losing one’s own persist. For example, cybercriminals can use personal information to commit fraud. Experts warn that even seemingly insignificant pieces of leaked personal data can be collated to have a devastating impact.

The Cybernews research team recently discovered that Indiana University leaked confidential Beginning College Student Engagement Survey (BCSSE) data. At the time, IU told Cybernews that the incident “resulted from a third-party vendor’s misconfiguration.”

Indiana University boasts nine campuses throughout Indiana, over 90,000 students, and 760,000 alums. As of June 30th, 2022, the market value of IU’s endowment totaled $3.515 billion.


More from Cybernews:

Decentralized storage emerging as solution to cloud-based attacks

Selfies and passports of Philippine police exposed in data leak

Twitter killer on the loose: Meta unleashes rival app Threads

US healthcare firm breach, child patient data at risk

Akira ransomware decryptor released to public

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked