Breach of Mormon Church university vendor exposes over 25K students

Published: 21 July 2025
Mormon university student data breach
Image by Cybernews.

BYU–Pathway Worldwide, an education organization supported by the Church of Jesus Christ of Latter-day Saints (LDS Church), had an unauthorized party access tens of thousands of its students’ data.

The LDS – also known as Mormon – Church educational organization contacted thousands of students whose details were exposed in a recent data security incident.

According to information that the BYU–Pathway Worldwide (BYU–PW) submitted to the Maine Attorney General’s Office, the incident exposed over 25,000 of the institution’s students.

ADVERTISEMENT
Niamh Ancell BW Neilc Marcus Walsh profile Paulina Okunyte
Get our latest stories today on Google News
Google News Follow us

BYU–PW’s data breach notification indicates that the cybersecurity incident took place in mid-June of this year, with the organization learning about the incident a week later.

The university claims that the incident involved a vendor account, whose access was suspended immediately after the organization learned about unauthorized activity on its systems.

“Upon investigation, evidence indicated the vendor’s account was compromised by an unknown third party, which allowed unauthorized access to certain systems,” reads the data breach notice.

BYU–PW students were informed that attackers may have accessed their:

  • Social Security numbers
  • Account IDs
  • Addresses
  • Phone numbers
  • Genders
  • Marital status
  • Religious affiliations

“If you are a current student, you can log in to your online BYU-Pathway account at any time and view student data that may have been affected,” the university advised.

ADVERTISEMENT

At least in theory, attackers could leverage exposed details for identity theft by opening fraudulent accounts to set up access to financial accounts in victims’ names. Members of the cybercriminal underworld resort to such tactics to launder money and access illicitly gained funds.

Has my data been leaked?
Check Now

Cybercrooks may also exploit stolen details for targeted phishing attacks. With the knowledge of the victims’ religious affiliation, they can craft tailor-made attacks that appeal to specific groups with specific interests. That way, cybercrooks attempt to peddle malware or try to steal additional personal data.

“Upon discovery of the incident, we immediately initiated our incident response procedures and are actively working with external cybersecurity experts, federal law enforcement authorities, our legal team, and other leading cybersecurity professionals to investigate the incident and further enhance the security of BYU-Pathway’s data and IT systems, including vendor access,” BYU–PW said in a breach notice.

While there’s no indication that attackers misused personal student details, the organization said it will provide complimentary identity theft protection and credit monitoring services free of charge.

BYU–PW is an LDS Church-supported online university serving nearly 80,000 students worldwide. The organization says it offers US-accredited certificates and degrees in partnership with BYU–Idaho and Ensign College.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked