Introduction to the Hack
A “hacktivist” breached the university’s computer systems in late June. A Columbia University official told amNewYork on Thursday that a hacker who breached the university’s computer systems in late June was a “hacktivist” who stole students’ data to further a political agenda.
The Breach and Its Aftermath
The breach caused a dayslong outage of Columbia’s IT systems beginning on June 24. Some university screens on campus showed photos of President Donald Trump during the outage. The Columbia official did not provide a reason for the attack but said the hacktivist targeted specific data for their unspecified political agenda.
Details of the Hack
Bloomberg News reported that it received information from the hacker about their attack, which appears to include personal information from 2.5 million applications across decades. The hacker, who claimed to work alone, said in a text to Bloomberg that they sought to prove Columbia had continued using affirmative action in its admissions process after the Supreme Court barred the practice in 2023.
University Response and Investigation
The university official said Columbia engaged a top cyber-forensics firm, whose investigation determined the hacker’s methods were “highly sophisticated.” The university responded to the disruption quickly and has seen no detected intrusions since June 24, though it continues to monitor for the hacker’s digital signature, according to a university statement.
Law Enforcement Involvement
Columbia is working with law enforcement, including the FBI, on the ongoing investigation. The hacker told Bloomberg that they had been building up access to Columbia’s systems for two months until they had reached the highest level of access.
Scope of the Data Theft
The hacker also said they had stolen 1.8 million Social Security numbers of employees, applicants, students, and family members, as well as information about salaries and financial aid, though Bloomberg did not receive any of that data. The official said the university would not be able to independently determine the scope of the data theft for weeks or months. After it did, it would begin notifying affected individuals.
Context and Implications
The hacking came amid Columbia’s ongoing fight with the Trump administration, in which it is trying to negotiate the restoration of $400 million in federal funds to the university. The administration and Republicans in Congress have alleged the university has failed to adequately address antisemitism on campus. Questions about diversity in admissions may harm Columbia’s negotiating position, as the Trump administration has expanded its attacks on universities to target diversity, equity and inclusion (DEI) programs.
University’s Stance
Claire Shipman, the university’s acting president, said in a June 12 statement that restoring Columbia’s relationship with the federal government was “essential.” “We’re in danger of reaching a tipping point in terms of preserving our research excellence and the work we do for humanity,” Shipman said.
Related Incidents
According to Bloomberg News, the hacker also claimed responsibility for previously disclosed cyberattacks at the University of Minnesota in 2023 and New York University in March 2025. After the attack on NYU, which appeared to be on a smaller scale, charts appeared on the university’s website claiming to show NYU was continuing to engage in affirmative action practices in admissions.
Conclusion
The breach of Columbia University’s computer systems by a hacktivist has significant implications for data security and the political agenda surrounding affirmative action in university admissions. The university’s response and ongoing investigation with law enforcement aim to mitigate the damage and prevent future incidents.
FAQs
Q: What was the nature of the cyberattack on Columbia University?
A: The cyberattack was carried out by a "hacktivist" who targeted the university’s computer systems to steal data related to admissions, allegedly to prove that the university continues to use affirmative action practices despite a Supreme Court ban.
Q: How did the university respond to the breach?
A: The university engaged a top cyber-forensics firm to investigate the breach, responded quickly to the disruption, and continues to monitor for the hacker’s digital signature. It is also working with law enforcement, including the FBI.
Q: What data was stolen during the breach?
A: The hacker claimed to have stolen 1.8 million Social Security numbers and information about salaries and financial aid, among other data. However, the full scope of the data theft is still being determined.
Q: Are there any related incidents?
A: Yes, the hacker also claimed responsibility for cyberattacks at the University of Minnesota in 2023 and New York University in March 2025, which similarly involved allegations of affirmative action practices in admissions.
Q: How will the university notify affected individuals?
A: Once the university determines the full scope of the data theft, it will begin notifying affected individuals. This process is expected to take weeks or months.
