A hacker recently infiltrated Columbia University's admissions system, accessing millions of student and applicant records in an attempt to determine whether the school continues to use affirmative action policies.
According to a report by Bloomberg News, the breach led to a systemwide IT outage that disrupted university services for nearly a week. The perpetrator gained access to 1.6GB of personal data from approximately 2.5 million applications spanning decades. The compromised information includes university ID numbers, citizenship status, admissions decisions, and more. A Columbia official said that "initial indications" show the data was stolen, though the full extent may take weeks or months to determine.
A university official also told Bloomberg that the hacker appears to be a “hacktivist.” In a message to the outlet via text, the alleged hacker said they targeted Columbia to find out whether the university was still applying affirmative action policies after the US Supreme Court’s 2023 decision that restricted such practices in higher education.
On June 24, Columbia experienced a widespread IT shutdown that left students and staff unable to access university emails and other services. By June 29, systems had been restored. During the disruption, an image of President Donald Trump smiling appeared on computer screens, including public monitors in the student center, according to The New York Times.
In a public statement, Columbia said, “Last week, we reported a technical outage that disrupted certain parts of our IT systems. We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party. While the investigation is ongoing, we have restored our operations. We now have initial indications that the unauthorized actor also unlawfully stole data from a limited portion of our network.”
It continued, “We are investigating the scope of the apparent theft and will share our findings with the University community as well as anyone whose personal information was compromised. We have not observed threat actor activity on our network since June 24 and will continue to monitor closely for further unlawful activity in our systems.”
