Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis.
Columbia, one of the oldest Ivy League universities, discovered the breach after a network outage in June. According to Columbia, the disruption was caused by an unauthorized party that accessed its systems and stole sensitive data. Investigators are still assessing the full scope of the theft.
Read more…
Source: MSN News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- YouTube to pay $24.5 million to settle Trump lawsuit
September 30, 2025
YouTube agreed to pay $24.5 million to settle a lawsuit filed by President Donald Trump after he was suspended by social media platforms following the January 6, 2021, insurrection. This makes Alphabet-owned YouTube the last of the three Big Tech social media companies sued by Trump — which included Meta and then Twitter, now called X ...
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
September 29, 2025
A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen ...
- CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
September 25, 2025
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies ...
- US federal agency breached by hackers using GeoServer exploit
September 24, 2025
In mid-July 2024, a threat actor managed to break into a US Federal Civilian Executive Branch (FCEB) agency by exploiting a critical remote code execution (RCE) vulnerability in GeoServer, the government has confirmed. In an in-depth report detailing the incident, the US Cybersecurity and Infrastructure Security Agency (CISA) outlined how the attackers leveraged CVE-2024-36401, a 9.8/10 ...
- Top auto insurance firm leaked over 5 million records
September 24, 2025
ClaimPix, a company which streamlines car insurance claims, was leaking sensitive customer data on the clearweb, including people’s phone numbers, and email addresses, an expert has warned. Security researcher Jeremiah Fowler, known for hunting down misconfigured and unprotected databases, recently found one such instance containing 5.1 million files, sharing his findings with WebsitePlanet. The archive was ...
- Stellantis detects breach at third-party provider for North American customers
September 22, 2025
Stellantis detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, the company said in a statement on Sunday. The automaker said the incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data. Stellantis did not specify how many ...