Baker University Data Breach Exposes 53,000 People in 2024
▼ Summary
– Baker University disclosed a data breach where attackers accessed its network for over two weeks in December 2024, stealing sensitive personal, health, and financial data.
– The breach impacts 53,624 individuals affiliated with the university, with compromised information including Social Security numbers, driver’s licenses, and medical details.
– The university found no evidence of fraudulent use of the stolen data but is offering free credit monitoring and advises affected individuals to monitor their accounts.
– University leadership stated that rebuilding compromised systems is a priority, and they have been working with external cybersecurity experts since the incident.
– This breach is part of a wider trend, as several other major U.S. universities have also been targeted in recent cyberattacks, including by ransomware gangs exploiting software vulnerabilities.
A significant data security incident at Baker University has compromised the sensitive personal information of more than 53,000 individuals affiliated with the institution. The private Kansas university discovered that unauthorized actors infiltrated its network, gaining access between December 2nd and 19th, 2024. This breach resulted in the theft of a wide array of confidential data, putting students, employees, and others at potential risk.
The compromised information is extensive and varies per individual. The stolen data includes names, dates of birth, driver’s license numbers, Social Security numbers, and financial account details. Furthermore, highly sensitive health insurance information, medical records, passport numbers, student ID numbers, and tax identification numbers were also taken. The university detected the suspicious activity following a network outage in December, prompting an immediate investigation.
In official notifications, Baker University stated the breach impacts 53,624 people. While the institution claims there is no current evidence of fraudulent use of the stolen data, it is offering affected individuals complimentary credit monitoring services. University President Jody Fournier emphasized that the privacy and security of the community are top priorities, noting that the school has been working with external cybersecurity experts to rebuild a primary platform compromised during the attack.
The university has not publicly disclosed the specific nature of the cyberattack or identified the responsible threat actor. This incident places Baker University among a growing list of higher education institutions targeted by cybercriminals. Notably, other prestigious universities, including Harvard, Princeton, and the University of Pennsylvania, have recently faced similar breaches through voice phishing campaigns and exploits of software vulnerabilities.
In related incidents, the notorious Clop ransomware gang was implicated in attacks on Harvard and the University of Pennsylvania. That particular campaign exploited a critical flaw in Oracle E-Business Suite platforms to steal personal and financial data belonging to students, staff, and suppliers. Baker University is urging all potentially impacted individuals to vigilantly monitor their financial account statements and credit reports for any unusual activity.
(Source: Bleeping Computer)
