Stolen Data from Columbia University Contains Bank Information and Home Addresses

Stolen Data from Columbia University Contains Bank Information and Home Addresses

Columbia University is currently investigating a potential cyberattack following an IT outage at the school in June. The breach has resulted in the theft of sensitive data, including financial information and academic performance of students and alumni.

The stolen data includes bank account and routing numbers, student loan and scholarship disbursements, standardized test scores, grade-point averages, class schedules, home addresses, and other contact information. A separate 53.6-gigabyte cache of data, containing potentially sensitive information, was made available to Jordan Lasker, a blogger whose views on race and IQ have been criticized as offensive and scientifically flawed.

Columbia University has announced that an unauthorized party had acquired data about students and applicants regarding admissions, enrollment, and financial aid, as well as certain personal information associated with some university employees. Nine current and former students who began attending Columbia undergraduate and graduate programs as early as the 1990s have confirmed the accuracy of their data in the files.

Steps to Protect Against Identity Fraud

In response to the breach, Columbia University will offer those affected two years of credit monitoring, fraud consultation, and identity theft services through a vendor. Here are some additional steps individuals can take to protect themselves from potential identity fraud and theft:

1. Monitor Accounts: Regularly check bank accounts, credit card statements, and other financial records for any suspicious activity. This includes monitoring for unauthorized bank transfers, new credit inquiries, or unexpected changes in account activity.
2. Credit Monitoring: Enroll in the complimentary credit monitoring service offered by Columbia University to receive alerts about any new credit inquiries or changes in your credit reports.
3. Freeze Credit: Consider placing a freeze on your credit reports at the three major credit bureaus (Experian, Equifax, and TransUnion). This makes it more difficult for unauthorized parties to open new accounts in your name.
4. Secure Online Accounts: Update passwords for all sensitive online accounts, especially those related to financial services. Use strong, unique passwords and consider using a password manager.
5. Be Cautious with Communications: Be wary of unsolicited emails or calls claiming to be from Columbia University or financial institutions. Never provide personal information in response to such communications.
6. Report Suspicious Activity: If you notice any unauthorized activity, report it immediately to your bank or credit card company. You can also file a complaint with the Federal Trade Commission (FTC) using their online complaint assistant.
7. Stay Informed: Keep an eye on updates from Columbia University and relevant state attorney general offices regarding the breach and any recommended actions.

By taking these proactive steps, individuals affected by the breach can significantly reduce their risk of experiencing identity fraud and theft. Security experts warn that the hacked data could be used for malicious purposes, such as theft, identity fraud, and stalking. Rachel Tobac, CEO of SocialProof Security, advises individuals affected by the breach to freeze their credit and be vigilant for phishing attempts across all contact methods.

Columbia University has not yet identified the perpetrator of the breach, but the attack is believed to be politically motivated, with the attacker described as a "hacktivist." The university has recently reached a deal with the Trump administration to restore federal funding for research, paying a $200 million penalty over three years and implementing reforms to bolster campus safety and oversight of international students. The university will begin notifications this week to individuals believed to be affected by the attack. It's not clear who else might have access to the stolen data.

1. Affected individuals should be vigilant about financial records, scrutinizing bank accounts, credit card statements, and any unauthorized transfers or changes in account activity due to the stolen data potentially being used for identity fraud.
2. To further protect against identity theft, those affected can enroll in the two-year identity theft protection and credit monitoring service that Columbia University is offering, which includes alerts about any new credit inquiries or changes on credit reports.

Read also: