A recent Columbia University data breach has exposed the personal details of hundreds of thousands of people who either attempted to enroll at the university or studied there.

The data breach was revealed after a June technical outage, which knocked out several of the university’s systems, Columbia revealed in a data breach notification sent to potentially impacted individuals.

Just hours after the outage occurred, the prestigious research institution disputed claims of a hacker attack. However, a subsequent investigation revealed that attackers penetrated Columbia’s systems over a month prior.

“Our investigation determined that, on or about May 16th, 2025, an unauthorized third-party gained access to Columbia’s network and subsequently took certain files from our system,” the breach notification said.

Information Columbia submitted to the Maine Attorney General’s Office revealed that over 868K individuals were exposed in the attack. Since Columbia has only around 34,000 students and over 7,000 faculty members, the number of exposed individuals strongly imply that alumni could also be impacted by the attack.

As one of the most prestigious educational institutions in the US, Columbia does not suffer from a lack of prominent former students. A roster of Columbia’s alumni includes anyone from the 26th US president, Theodore Roosevelt, and Supreme Court Justice Ruth Bader Ginsburg to Hollywood star Jake Gyllenhaal.

We have reached out to Columbia for comment and will update the article once we receive a reply.

What details did the Columbia data breach reveal?

The university stressed that while attackers did breach Columbia’s systems, there’s no evidence that any Columbia University Irving Medical Center patient records were affected. Meanwhile, attackers likely accessed information about Columbia applicants and students, including:

• Names
• Dates of birth
• Social Security numbers (SSNs)
• Contact details
• Demographic information
• Academic history
• Financial aid-related information
• Insurance-related information
• Health information

Not all individuals had the same details exposed during the attack. The type of compromised data depends on whether an individual was an applicant to Columbia University or someone who was a student. Moreover, the level of exposure also depends on the information that individuals provided to the University.

“We have implemented a number of safeguards across our systems to enhance our security. Moving forward, we will be examining what additional steps we can take and additional safeguards we can implement to prevent something like this from happening again,” Columbia’s breach notice said.

However, individuals whose details were exposed will face increased cybersecurity risks. For one, the combinations of leaked SSNs, dates of birth, and personal details enable attackers to attempt identity theft. For example, attackers could try to set up fraudulent accounts in other people’s names – something that cybercriminals often do to hide illicit activities.

Moreover, data that includes individuals from Columbia, an Ivy League school, is a treasure trove for cybercrooks. Attackers could target prominent individuals with sophisticated spear-phishing attacks and attempt extortion via social engineering attacks. High-profile individuals are among the most valuable targets due to their wealth and influence.

Columbia is home to numerous prominent US politicians, so the dataset could even be of interest to nation-state actors looking for initial access points or other ways to get closer to prominent individuals.

That’s why prominent higher education institutions are often on cybercriminals’ radar. Earlier this year, a ransomware gang claimed responsibility for an attack on Sorbonne University, one of the most prestigious universities in Europe.