Monroe University Data Breach Exposes Personal Information of 320,000 Individuals in 2024

Monroe University Data Breach Exposes Sensitive Information of Over 320,000 Individuals

A recent cyberattack targeting Monroe University has resulted in the unauthorized access and theft of personal, financial, and health information belonging to more than 320,000 individuals. The breach, which occurred in December 2024, has raised concerns about data security and privacy.

Established in 1933 as a secretarial school in the Bronx, Monroe University has evolved into a prestigious private institution with a diverse student population of over 9,000 students annually. With campuses located in New York (Bronx and New Rochelle) and Saint Lucia, the university has a rich history of academic excellence and community engagement.

According to reports filed with the Office of the Maine Attorney General, the attackers exploited vulnerabilities in the university’s network for a period of two weeks, from December 9 to December 23. This extended access allowed the threat actors to exfiltrate sensitive data undetected.

Following a comprehensive review of the stolen documents in September 2025, Monroe University confirmed that the data breach had impacted a total of 320,973 individuals. The compromised information included a range of sensitive details such as names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, and medical records.

In an official statement released by the university, it was revealed that the exposed data varied by individual and may have included personal identifiers, financial account details, and student records. This alarming discovery prompted immediate action to mitigate the potential risks faced by affected individuals.

As part of the response efforts, Monroe University initiated a notification process to inform victims of the breach and provide guidance on monitoring their credit reports for any signs of fraudulent activity. Additionally, the university extended an offer for one year of complimentary credit monitoring services through Cyberscout to help affected parties safeguard their personal information.

Despite efforts to address the breach, a Monroe University spokesperson declined to provide further details when contacted for additional information by BleepingComputer. The incident underscores the growing threat posed by cyberattacks targeting educational institutions.

Notably, Monroe University faced a previous ransomware attack during its tenure as Monroe College, with attackers demanding a significant ransom for decryption keys. This incident highlights the persistent challenges faced by universities in safeguarding their digital assets and sensitive data.

Recent Cybersecurity Incidents in U.S. Universities

Monroe University is not alone in experiencing cybersecurity breaches, as several other universities across the United States have fallen victim to similar attacks. The University of Hawaii recently disclosed a ransomware incident affecting its Cancer Center, while Baker University reported a data breach compromising the personal information of over 53,000 individuals.

In a concerning trend, voice phishing attacks have targeted multiple U.S. universities, including prestigious institutions such as Harvard University, Princeton University, and the University of Pennsylvania. These attacks have resulted in the theft of sensitive data belonging to donors, staff, students, and alumni.

The Clop ransomware gang, known for its sophisticated tactics, targeted the Oracle E-Business Suite platforms of Harvard University and the University of Pennsylvania to exfiltrate personal and financial data. These incidents serve as a stark reminder of the evolving threat landscape faced by educational institutions.