New York University (NYU) suffered a website defacement and data exposure on March 22, 2025, when a hacker identified as "@bestn-gy" on X compromised NYU's official homepage for approximately two hours. The attacker replaced the page with charts purporting to show admissions data broken down by race, alongside a racial epithet. The same hacker has been linked to a similar attack on Columbia University. NYU restored the site and reported the incident to law enforcement, but not before data on roughly 3.1 million applicants and students had been exposed. The breach exposed names and email addresses, with the attacker also claiming access to additional admissions-related records, including test scores and demographic data, drawn from NYU's data warehouse. Even where only names and email addresses are confirmed, that combination is enough to enable targeted phishing campaigns, identity theft, and tuition or financial aid fraud. The academic and international student context associated with NYU makes such scams easier to craft convincingly. NYU sent a university-wide notification approximately six hours after the breach and later characterized data displayed during the defacement as "inaccurate and misleading." No class-action litigation or formal regulatory enforcement action has been publicly documented in connection with this incident. Affected individuals should treat unexpected emails referencing NYU, admissions, or student accounts with caution, and monitor for signs of account takeover or impersonation.

Universities collect identity, contact, academic, financial, employment, applicant, alumni, and research-linked records across education and administrative systems.

NYU has continued expanding its global academic programs and research enterprise. The university has invested in its medical school and hospital affiliations, as well as technology and innovation initiatives. No major governance or structural changes have been prominently reported in the period surrounding the breach.