Columbia University 2025 Data Breach

Columbia University Breach (2025): 346K Records Including SSN Exposed by Politically Motivated Hacktivist | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

"niggy" / "Computer Niggy Operations" (politically-motivated hacktivist; same actor as UMN 2023 + NYU 2025)MisconfigurationEducationDate of BirthEmail AddressFull NamePhone NumberSocial Security Number
High SeverityWebsite / service breach

Columbia University Breach (2025): 346K Records Including SSN Exposed by Politically Motivated Hacktivist

Private research university in New York City.

Verified by ObscureIQ Intelligence
68/100Breach Risk Index
25Data Value
40Market Recency
301dSince Breach

Breach Intelligence Summary

Entity: Columbia University · Actor: "niggy" / "Computer Niggy Operations" (politically-motivated hacktivist; same actor as UMN 2023 + NYU 2025) · Sources: 2 references
Attack: Misconfiguration
Profile: University · Higher education and research · Academic institution · USA
Timeline: Breach (2025-06-24) · Indexed (Jun 30, 2025) · Year (2025)
Exposure: 346K records · 5 fields: Date of Birth, Email Address, Full Name, Phone Number, Social Security Number
Status: Reported

Executive Summary

Columbia University suffered a data breach in approximately April 2025 when a politically-motivated hacktivist using the alias 'niggy' (or 'Computer Niggy Operations') gained unauthorized access to Columbia's IT infrastructure and spent more than two months prowling the network before triggering a multi-day system outage on June 24, 2025. The hacker compromised Columbia's Student Information System (SIS), multiple Active Directory domains (including ADCU and several others), and all VMware ESXi virtualization hosts at both Columbia's Morningside Heights data center and the Syracuse, New York data center. The hacker exfiltrated approximately 460 gigabytes of data and released a 1.6-gigabyte sample to demonstrate authenticity. Columbia disclosed the breach on July 1, 2025 with state attorney general filings on August 7-8, 2025. The same hacker has claimed responsibility for two prior university breaches: the University of Minnesota in July 2023 (with seven million SSNs exfiltrated) and New York University in March 2025 (with NYU's website defaced with admissions data sorted by race), with all three attacks framed as politically motivated efforts to expose continued affirmative-action admissions practices following the U.S. Supreme Court's June 2023 ruling barring race-based admissions. The breach affected approximately 345,746 individuals based on records indexed by DataBreach.com (with The Record citing approximately 900,000 affected individuals based on subsequent Columbia disclosures). Compromised fields included full names, Social Security numbers, dates of birth, email addresses, phone numbers, addresses, driver's license numbers, financial account information including bank account details for tuition payment and refund processing, medical information, health insurance information, and university-issued identification numbers (UNIs). The attacker also obtained approximately 2.5 million admission applications dating to the late 1990s including university-issued identification numbers, citizenship status, and final admissions decisions. The exposure of SSN combined with date of birth, address, driver's license, financial account, and medical information represents an exceptionally comprehensive identity-fraud kit. For affected individuals, the practical risk profile is exceptionally severe given the comprehensive identity-data exposure. Affected individuals who are current or former Columbia students, faculty, staff, alumni, or applicants should enroll in the complimentary credit monitoring services offered by Columbia, place a credit freeze with all three credit bureaus (Equifax, Experian, TransUnion), monitor financial accounts and medical records for unauthorized activity, and remain alert to phishing or impersonation attempts referencing real Columbia-association details. The SSN exposure at a university is distinctively concerning because students often do not actively monitor their credit during their studies (because they have no mortgage, car loan, or other large account that would trigger credit-bureau alerts), making student-victim populations especially vulnerable to silent identity-fraud accumulation that may not be apparent until after graduation. Affected international students whose citizenship status was exposed face additional risk including potential targeted profiling. Affected individuals whose admission applications were exfiltrated may face additional risk because the hacker's stated motivation involves the public release of admissions data including racial demographic information, which could subject affected applicants to identification through subsequent media reporting based on the stolen data. Class-action litigation is available for affected individuals seeking compensation, and affected individuals may file complaints with state attorneys general in California, Texas, or other applicable states.

ObscureIQ assessment: High risk of phishing, identity theft, payroll or tuition fraud, and exposure of research or donor relationships. Large university ecosystems also create broad attack surface across students and staff.

Breach Impact

The institutional impact on Columbia has been substantial and continues to evolve. Columbia incurred costs associated with extended IT system recovery (with the breach causing a multi-day outage of UNI logins, LionMail, and the CourseWorks learning platform), forensic investigation, multi-state regulatory filings, and individualized victim notification. The breach occurred during an exceptionally complicated political period for Columbia given the parallel federal funding freeze and ongoing public scrutiny of Columbia's admissions practices, with the hacker's politically-motivated decision to release data showing alleged continued race-conscious admissions adding additional pressure to Columbia's federal research grant negotiations. The Bloomberg and New York Times coverage based on the stolen data created significant additional reputational and regulatory exposure beyond the direct breach impact. The case has been broadly cited as among the most significant U.S. higher education cyberattacks of 2025 and as illustrating both the increased political-motivation profile of contemporary U.S. hacktivism and the strategic value of higher education admissions data for political messaging. Class-action and state regulatory exposure remains active.

About Columbia University

Columbia University in the City of New York is a private Ivy League research university founded in 1754 (originally as King's College) and headquartered at the Morningside Heights campus in Manhattan with additional campuses including the Manhattanville campus, the medical center campus at Washington Heights, and a Syracuse, New York data center. Columbia enrolls more than 36,000 students across its undergraduate program, graduate schools, and professional schools including the Columbia Business School, the College of Physicians and Surgeons, the Mailman School of Public Health, the Columbia Law School, the Columbia Journalism School, and the Columbia Engineering school. As a major research university with extensive academic, administrative, healthcare, and alumni operations, Columbia maintains identity, contact, academic, financial, employment, applicant, alumni, and research-related records across multiple enterprise systems including its Student Information System (SIS), Active Directory authentication infrastructure, and VMware-based virtualization platforms across Manhattan and Syracuse data centers.

Why They Hold Your Data

Universities collect identity, contact, academic, financial, employment, applicant, alumni, and research-related records across education, healthcare, and administrative systems.

Recent Developments

Columbia disclosed the breach on July 1, 2025 after initially characterizing the June 24, 2025 incident as a 'technical outage' or 'IT outage.' On July 2, 2025, a Columbia official publicly stated that the attack was perpetrated by a 'highly sophisticated' hacktivist with a 'political agenda' who broke in and stole 'targeted' student data. Columbia engaged a top cyber-forensics firm and reported no detected intrusions since June 24, 2025. The hacker subsequently provided tranches of the stolen data to Bloomberg News and The New York Times, both of which ran stories based on the stolen data including the Bloomberg report indicating that the dataset includes approximately 2.5 million admission applications dating to the late 1990s. State attorney general filings in California and Texas on August 7-8, 2025 disclosed approximately 345,746 affected individuals (with The Record citing 900,000 affected individuals based on a separate Columbia disclosure). The case sits within Columbia's broader political conflict with the Trump administration including a $400 million federal research funding freeze that the administration imposed citing concerns about Columbia's handling of pro-Palestine protests on campus and diversity programs.

Data Points Exposed

5 verified field types
Date of Birth High
Email Address
Full Name High
Phone Number
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Full identity theft & synthetic identity fraud

Threat Actor: "niggy" / "Computer Niggy Operations" (politically-motivated hacktivist; same actor as UMN 2023 + NYU 2025)

"niggy" / "Computer Niggy Operations" (politically-motivated hacktivist; same actor as UMN 2023 + NYU 2025)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Columbia University breach?

Columbia University suffered a data breach in approximately April 2025 when a politically-motivated hacktivist using the alias 'niggy' (or 'Computer Niggy Operations') gained unauthorized access to Columbia's IT infrastructure and spent more than two months prowling the network before triggering a…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Phone Number, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation