The financial information and academic performance of Columbia University students and alumni were stolen
in a recent breach, according to a Bloomberg News review of some of the pilfered data.
The data includes bank account and routing numbers, student loan and scholarship disbursements, standardized test scores, grade-point averages, c
lass schedules, home addresses and other contact information, a Bloomberg review of 53.6 gigabytes of the stolen files shows. Nine current and former students wh
o began attending Columbia undergraduate and graduate programs a
s early as the 1990s confirmed the accuracy of their data in the files. Bloomberg couldn’t verify the entire cache.
The new details about the hacked data, which haven’t been previously reported, provide another headache for a univ
ersity that is trying to regain its footing following a bruising battle with the Trump administration over claims that it fostere
d antisemitism and discriminated on the basis of race and national origin.
In response to questions from Bloomberg, a Columbia spokesperson said the investigation into the cyberattac
k — including the specifics of the information exposed — was ongoing. The university believes applicant and student data
was compromised, in addition to certain employee personal information, the spokesperson said.
See more beautiful photo albums Here >>>
Columbia would begin notifications this week to individuals believed to be affected by the attack, the spokesperson sa
id, adding that the school encouraged “all members of the university community” to remain vigilant against scams
and regularly monitor accounts for suspicious activity.
In June, Columbia began investigating a potential cyberattack following an IT outage at the school. A university official d
escribed the perpetrator of the breach as a “hacktivist,” meaning the attacker was politically motivated as opposed to seeking financial gain.
Last month, Bloomberg reported that personal information from applications to Columbia dating back decades — inc
luding whether applicants were accepted or rejected by the school — had been stolen, after reviewing 1.6 gigabytes of data provided by a person who claimed responsibility for the cyberattack.