Statement

Updating Our Community on the Cyber Incident

August 05, 2025
Columbia University Logo

Dear members of the Columbia community,

On July 2, 2025, we wrote to inform you all that an unauthorized party gained access to and stole data from our network, disrupting our systems in the process. Our team worked quickly to restore operations, immediately launched an investigation with the assistance of leading cybersecurity experts, and notified law enforcement. We have no evidence of unauthorized access to our systems since June 24, 2025.

This has been an intensive effort from a large group across the University. Though our investigation is still underway, we have learned more about the nature of the incident and the data involved. Our investigation has identified that the unauthorized party obtained information about students and applicants related to admissions, enrollment, and financial aid processes, as well as certain personal information associated with some Columbia employees. The affected information includes Social Security numbers, contact details, demographic information, academic history, financial aid-related information, insurance-related information, and certain health information. It’s important to note that, to date, we have identified no indication that any Columbia University Irving Medical Center patient records were affected.

Beginning August 7, we will begin notifying individuals, on a rolling basis, whose personal information may have been affected, via U.S. Postal Service mail. We will be offering affected individuals two years of complimentary credit monitoring, fraud consultation, and identity theft restoration services through a well-known vendor. Regardless of whether you are affected, we encourage all members of the University community to remain vigilant and continue to monitor your accounts for suspicious activity as you normally would.

We also have taken steps to harden our systems by implementing safeguards and enhanced protocols to prevent future incidents, and we remain committed to continuously improving our defenses.

We recognize the concern this matter may have raised and appreciate your ongoing patience during this challenging time. Please know we are committed to supporting the University community. You can continue to rely on official University communications for updates. Also, please be aware that following a cybersecurity incident such as this, scammers may reach out offering fraudulent services. For additional information our hotline is available at (866) 819-7006, Monday through Friday, 9:00 am to 6:30 pm Eastern Time, excluding major U.S. holidays.

Thank you for your continued understanding.