Columbia University has confirmed a significant data breach that has affected approximately 870,000 individuals, including current and former students, employees, and applicants. The university revealed that the breach involved the compromise of personal, financial, and health-related information. Notifications to those impacted began on August 7, 2023, and will continue on a rolling basis.
The breach came to light following a network outage in June, which Columbia attributed to an unauthorized party gaining access to its systems and stealing sensitive data. As investigations progress, the full extent of the breach is still being assessed.
Details of the Compromised Data
According to a breach notification submitted to the Maine Attorney General’s office, nearly 869,000 individuals were impacted. This includes not only students and employees but also applicants and, in some cases, family members. Reports indicate that the threat actor claimed to have stolen around 460 gigabytes of data from Columbia’s systems.
The stolen information encompasses a variety of sensitive categories, including:
– Names, dates of birth, and Social Security numbers
– Contact details and demographic information
– Academic history and financial aid records
– Insurance details and certain health information
Columbia University emphasized that patient records from the Columbia University Irving Medical Center were not compromised in this incident. Despite this assurance, the extensive range of stolen data poses serious risks related to identity theft and fraud.
Columbia’s Response and Mitigation Efforts
In response to the attack, Columbia University has reported the incident to law enforcement and is collaborating with cybersecurity experts. The institution has enhanced its systems with new safeguards and protocols aimed at preventing future breaches. Beginning on August 7, the university started sending out letters to those affected, offering two years of complimentary credit monitoring, fraud consultation, and identity theft restoration services.
While Columbia has stated that there is currently no evidence of the stolen data being misused, the risk remains significant. Cybercriminals often delay the exploitation of stolen information, which heightens the need for vigilance among those affected.
Protective Measures for Affected Individuals
Those who believe they may be affected by the breach, as well as individuals concerned about their data security, should consider taking the following steps:
1. **Monitor Credit Reports**: Regularly check credit reports for any unauthorized accounts or changes.
2. **Use Personal Data Removal Services**: Services that help remove personal information from data brokers and people-search sites can reduce the risk of identity theft.
3. **Set Up Fraud Alerts and Freezes**: Placing a fraud alert can make it more difficult for identity thieves to open accounts in your name. A credit freeze offers stronger protection.
4. **Create Strong, Unique Passwords**: Use complex passwords for different accounts and consider employing a password manager.
5. **Enable Two-Factor Authentication (2FA)**: Activating 2FA adds an extra layer of security to your accounts.
6. **Be Aware of Phishing Attempts**: Remain cautious of unsolicited communications that may exploit the breach.
7. **Consider Identity Theft Protection Services**: Beyond the free credit monitoring provided by Columbia, additional services can help monitor personal information across the dark web.
The breach at Columbia University serves as a stark reminder that even established and trusted institutions are vulnerable to cyberattacks. With the investigation ongoing and notifications continuing, affected individuals should remain alert to protect their personal information.