Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees.Columbia University suffered a cyberattack that exposed the personal data of students, applicants, and employees. According to the data breach notification sent to the Maine Attorney’s General Office, the incident impacted 868,969 people. The organization quickly notified law enforcement.A recent technical outage affecting parts of the university’s IT systems was found to be caused by unauthorized access. The University investigated the incident with the help of external cybersecurity experts and discovered that an attacker may have stolen data from a limited portion of the network. Operations have since been restored, and no malicious activity has been observed since June 24. Columbia University is still investigating the security breach and starting August 7 it will notify the community and any individuals whose personal data may have been compromised.“Last week, we reported a technical outage that disrupted certain parts of our IT systems.” reads the statement published by the University. “We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party.”On August 5, Columbia University confirmed that threat actors accessed data on students and applicants, including admissions, enrollment, and financial aid files, as well as some employee personal information. The university added that they have no evidence of unauthorized access to its systems since June 24, 2025.The exposed information includes Social Security numbers, contact details, demographic information, academic history, financial aid-related information, insurance-related information, and certain health information. To date, the university believes that any Columbia University Irving Medical Center patient records were affected.The university did not share details about the attack, but observed effects suggest that it may have been targeted in a ransomware attack. At this time, not ransomware group claimed responsibility for the attack.Columbia University is offering two years of free credit monitoring and identity protection services to the impacted individuals. All community members are urged to stay vigilant. The university has also strengthened its systems with enhanced security measures to help prevent future incidents and remains committed to improving its cybersecurity defenses.“We recognize the concern this matter may have raised and appreciate your ongoing patience during this challenging time. Please know we are committed to supporting the University community. You can continue to rely on official University communications for updates.” concludes a new statement published on August 5, 2025. “Also, please be aware that following a cybersecurity incident such as this, scammers may reach out offering fraudulent services.”Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)