Monroe University Data Breach Impacts 320,000 People
▼ Summary
– Monroe University suffered a cyberattack in December 2024, exposing the personal, financial, and health data of over 320,000 individuals.
– The attackers had access to the university’s network for two weeks, from December 9 to December 23, 2024.
– The stolen information varied but could include names, Social Security numbers, medical details, and financial account data.
– The university is offering affected individuals one year of free credit monitoring and began mailing breach notifications in January.
– This incident is part of a broader trend, as multiple other U.S. universities have also reported significant data breaches in recent months.
A significant data breach at Monroe University has compromised the sensitive personal information of more than 320,000 individuals. The private institution, which originated as a Bronx secretarial school in 1933 and now serves thousands of students across campuses in New York and Saint Lucia, confirmed the cyberattack this week. Threat actors infiltrated the university’s systems for a two-week period in December 2024, gaining access to a vast trove of confidential data.
Following an extensive review of the stolen files, the university determined in late September 2025 that the breach impacted 320,973 people. The compromised information is extensive and varies per individual, potentially including names, dates of birth, Social Security numbers, driver’s license details, passport numbers, and various government IDs. Additionally, the stolen data encompasses medical records, health insurance information, financial account details, electronic credentials, and specific student data.
The school has initiated a notification process, mailing letters to affected parties since January 2. These communications advise recipients to vigilantly monitor their credit reports and financial statements for any unusual activity indicative of fraud or identity theft. As a remedial measure, Monroe University is offering one year of complimentary credit monitoring services through Cyberscout to help individuals safeguard their financial profiles.
This incident is not the first cybersecurity challenge for the institution. Previously, when it operated under the name Monroe College, it fell victim to a ransomware attack where hackers demanded a payment of 170 bitcoins, equivalent to roughly $2 million at the time, for a decryption key.
The breach at Monroe is part of a disturbing trend targeting higher education institutions across the United States. Just last month, the University of Hawaii reported that its Cancer Center was compromised in an August 2025 ransomware attack. Similarly, Baker University disclosed in December that a 2024 network intrusion led to the theft of personal, health, and financial data belonging to over 53,000 people.
Further highlighting the sector’s vulnerability, several elite universities, including Harvard, Princeton, and the University of Pennsylvania, have recently been ensnared in voice phishing campaigns. These attacks, beginning in October, resulted in the theft of donor, staff, student, and alumni information from compromised development and alumni systems. In a separate but related incident, the notorious Clop ransomware gang successfully hacked the Oracle E-Business Suite platforms at Harvard and the University of Pennsylvania, exfiltrating personal and financial data from students, staff, and suppliers.
(Source: Bleeping Computer)
