Even though Columbia University publicly acknowledged only a significant IT outage on June 27, 2025, the institution faced what attackers claimed was an extensive breach of its most vital digital infrastructure, potentially exposing sensitive data from approximately 2.5 million current students, alumni, and applicants.
The politically motivated hacktivist alleged thorough access to the Student Information System, Active Directory domains, and all ESXi hosts across both Morningside Heights and Syracuse datacenters.
The cyberattack crippled crucial campus operations, forcing major system failures across UNI Login, LionMail, and CourseWorks platforms. Students and faculty lost access to email, academic applications, and learning management systems, resulting in widespread class cancellations and delays during summer sessions.
Research activities ground to a halt as communication networks collapsed, severely disrupting daily campus operations. With estimates showing that data breach costs typically reach $4.35 million, the university faced significant financial exposure.
Compromised data encompassed approximately 350,000 University Network IDs, according to the attacker’s supplied list. Exposed information allegedly included names, birth dates, Social Security Numbers, passport details, addresses, financial aid records, grades, and bank account information spanning decades of institutional records.
The perpetrator later released 1.6 GB of stolen data, with portions reportedly appearing on dark web channels.
The incident carried distinct political overtones, as the self-identified hacktivist cited political motivations for the attack. This attack followed similar breaches at the University of Minnesota and New York University, establishing a pattern of targeting higher education institutions. University officials noted unusual events during the breach, including a dorm television displaying a political image of former President Donald Trump, though connections to the cyberattack remain unconfirmed.
The multi-day outage began in late June 2025, with Columbia initiating investigations involving NYPD collaboration following the public disclosure. External parties, including Bloomberg, received leaked data samples by July 1, confirming the breach’s scope.
University authorities verified data exfiltration several days after the initial attack acknowledgment. Columbia’s IT division worked actively to restore affected systems while coordinating with law enforcement agencies throughout the recovery process.
The breach represents a significant compromise of higher education infrastructure, affecting not only current operations but potentially decades of archived student records, including sensitive personal and academic information critical for transcript services, alumni relations, and federal compliance reporting.
