Columbia University has been targeted in a cyberattack that resulted in the theft of personal information belonging to more than 860,000 individuals.
The Ivy League school suffered an IT outage on June 24 and on July 1 it revealed that it was caused by hackers who may have stolen data from its network.
In an update shared on August 5, Columbia University said its investigation found that the intruders obtained information about students and applicants, including files related to admission, enrollment, and financial aid. The hackers also obtained the personal information of some employees.
The compromised information includes contact details, Social Security numbers, demographic information, academic history, financial aid information, insurance information, and some health information.
Patient records of the Columbia University Irving Medical Center were not obtained by the hackers, the university highlighted.
Columbia University on Thursday told the Maine Attorney’s General Office, which requires organizations that suffer a data breach to disclose the total number of affected individuals, that 868,969 people are impacted by the incident.
Affected individuals are being notified and offered two years of free credit monitoring, fraud consultation, and identity theft restoration services.
The investigation is ongoing, but the university believes the attackers gained unauthorized access to its systems around May 16.
While the organization’s description of the incident suggests that it may have been targeted in a ransomware attack, SecurityWeek has not seen any known threat group taking credit for the attack on Columbia University.
Related: Google Discloses Data Breach via Salesforce Hack
Related: Over 1 Million Impacted by DaVita Data Breach
Related: French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers
