Columbia University recently confirmed a major cyberattack that compromised personal, financial and health-related information tied to students, applicants and employees. The victims include current and former students, employees and applicants. Notifications to affected individuals began Aug. 7 and are continuing on a rolling basis.

Columbia, one of the oldest Ivy League universities, discovered the breach after a network outage in June. According to Columbia, the disruption was caused by an unauthorized party that accessed its systems and stole sensitive data. Investigators are still assessing the full scope of the theft.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER 

TRANSUNION BECOMES LATEST VICTIM IN MAJOR WAVE OF SALESFORCE-LINKED CYBERATTACKS, 4.4M AMERICANS AFFECTED

What information was stolen?

According to a breach notification filed with the Maine Attorney General’s office, nearly 869,000 individuals were affected by the Columbia breach. This number includes students, employees, applicants and, in some cases, family members. Media outlets also reported that the threat actor claimed to have stolen approximately 460 gigabytes of data from Columbia’s systems.

Columbia confirmed that the stolen information relates to admissions, enrollment and financial aid records, as well as certain employee data. The categories of exposed information include:

• Names, dates of birth and Social Security numbers
• Contact details and demographic information
• Academic history and financial aid records
• Insurance details and certain health information

Columbia emphasized that patient records from Columbia University Irving Medical Center were not affected. Still, the breadth of stolen data poses serious risks of identity theft and fraud.

DIOR DATA BREACH EXPOSES US CUSTOMERS’ PERSONAL INFORMATION

Columbia University response

Columbia has reported the incident to law enforcement and is working with cybersecurity experts. The university said it has strengthened its systems with new safeguards and enhanced protocols to prevent future incidents.

Starting Aug. 7, Columbia began mailing letters to those affected, offering two years of complimentary credit monitoring, fraud consultation and identity theft restoration services.

When contacted, Columbia referred CyberGuy to its official community updates, published June 24 and Aug. 5.

While the university says there is no evidence that the stolen data has been misused so far, the risk remains high. Criminals often wait months before exploiting stolen data.

NEARLY A MILLION PATIENTS HIT BY DAVITA DIALYSIS RANSOMWARE ATTACK

Steps to protect yourself after the Columbia University breach

If you are among those affected or simply want to safeguard your data, take these steps today:

1) Monitor your credit reports

Check your credit reports regularly through AnnualCreditReport.com. Look for accounts you did not open or changes you did not authorize. 

2) Use a personal data removal service

Since Columbia confirmed that stolen files may include names, addresses and demographic details, consider using a personal data removal service. These services help scrub your information from data brokers and people search sites, making it harder for criminals to exploit exposed details. This step reduces the chance that stolen Columbia records are linked to your broader online identity.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

3) Set up fraud alerts and freezes

Placing a fraud alert makes it harder for identity thieves to open accounts in your name. A credit freeze offers even stronger protection by blocking new credit applications.

4) Use strong and unique passwords

Create long, complex passwords for each account. A password manager can help generate and securely store them.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

5) Enable two-factor authentication

Turn on two-factor authentication (2FA) wherever possible. This extra layer of security helps protect your accounts even if a password is stolen.

6) Watch for phishing attempts and use strong antivirus software

Scammers may try to exploit fear around the breach with fake emails or texts. Verify any message before clicking links or sharing personal information.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/LockUpYourTech 

7) Consider identity theft protection services

Beyond the free credit monitoring Columbia offers, additional paid services can help track your data across the dark web and provide extra safeguards.

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft 

Kurt’s key takeaways

The Columbia University breach shows how even trusted institutions are vulnerable to cyberattacks. Because the investigation is ongoing and notifications will continue through the fall, individuals should remain on high alert. With so much personal, financial and health information exposed, staying alert long after the headlines fade is critical.

What more should universities and large institutions be required to do to safeguard the personal data of the people who trust them? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com.  All rights reserved.