Here are the latest credible reports I can summarize for you:
- Columbia University breach affecting about 870,000 people, including students, alumni, and applicants. Exposed data reportedly included full names, dates of birth, Social Security numbers, contact details, and financial aid information. Free credit monitoring and identity restoration services were offered to those affected. Publication dates around mid-2025.
- University of Phoenix breach expanded to about 3.5 million people (students, staff, suppliers). Exposed data reportedly includes full names, dates of birth, Social Security numbers, banking details. Authorities have linked the incident to a known ransomware campaign in late 2024/2025.
- An industry-wide assessment in late 2025 highlighted that higher education faced a surge in breaches tied to Oracle EBS vulnerabilities and phishing/credential compromises, with multiple institutions named across Ivy League and for-profit systems. This underscores a broader trend rather than a single incident.
- Additional reports indicate significant incident response and slower breach disclosures within the education sector, with several cases in 2025 and 2026 prompting calls for stronger data protections and faster notification practices.
- Other notable events include breaches at Florida colleges and coverage of data breach trends across higher education, emphasizing that breaches remain an ongoing risk with millions of records affected in some years.

What would you like next?
- A concise timeline of major college data breaches in 2024–2026
- A quick risk checklist for students and alumni to protect themselves
- Guidance on locating official breach notices for a specific institution
- A brief overview of what universities are doing to improve security (best practices and standards)
Sources
- breached.company: From Ivy League to For-Profit: How Clop's Oracle Campaign and Social Engineering Attacks Have Exposed Millions of Student Records. December 31, 2025. Executive Summary: The 2025 academic year will be remembered as one of the most devastating periods for higher education cybersecurity in history. A perfect storm of zero-day exploits,
- www.forthepeople.com: Colleges and universities have quietly become one of the hottest targets for cybercriminals, and not just any colleges. Over the past year, Ivy League institutions like Dartmouth, the University of Pennsylvania (UPenn), and Columbia University have experienced data breaches that exposed deeply sensitive personal information belonging to students, alumni, applicants, faculty, researchers, and staff.
- www.ecampusnews.com: College students and their professors may be away from campuses, but news of data breaches big and small continue to make headlines at colleges nationwide, including a few during the last week of July.
- www.highereddive.com: The sector reportedly takes an average of 4.8 months to report attacks — higher than for business, government and healthcare.
- www.bestcolleges.com: There have been 2,691 data breaches at educational institutions since 2005, according to a report from Comparitech, with 2021 having the largest number of breaches.
- www.inkl.com: A data breach at Columbia University has exposed the personal information of nearly 870,000 people including current students and likely alumni too.
- www.fldoe.org: Information Security Breach Reported at Florida College
- www.tomsguide.com: Current and former students as well as staff and suppliers are impacted