Columbia University Breach

New York, NY - The hacktivist behind politically motivated data breaches at the University of Minnesota and New York University has now claimed responsibility for the recent massive data breach at Columbia University.                 
                   
In an exclusive communication with databreach.com, the hacktivist, who identifies as "niggy," detailed the technical scope of the Columbia compromise, which is the latest in a string of attacks intended to expose university admissions practices.                  
                   
The attacker claims to have breached some of Columbia's most critical infrastructure, including its Student Information System (SIS), Active Directory (AD), and all VMWare ESXI hosts across its major datacenters.                   

A Clear Pattern of Politically Motivated Attacks                   

While the hacktivist did not specify a motive for the Columbia attack in their communication with databreach.com, their past actions reveal a clear political agenda.                   
                   
This is the third major university breach attributed to this threat actor following the Supreme Court's 2023 ruling on affirmative action.                   

1. University of Minnesota (July 2023): "ni--y" took credit for breaching UMN and exfiltrating over seven million Social Security Numbers. In a public post, the hacktivist stated the attack was to "provide Signals Intelligence... about the effects of affirmative action."                   
                      
2. New York University (March 2025): The hacktivist claimed responsibility for a breach at NYU, defacing its website with admissions data sorted by race. The message explicitly stated, "On June 29, 2023, racial affirmative action in college admissions was ruled illegal. Computer ni--y Exploitation (CNE) reveals NYU continued anyway."               
                      
   This established history strongly suggests the attack on Columbia was driven by the same desire to analyze and expose admissions data.                   

The Scope of the Columbia Breach                   

According to the hacktivist, the technical scope of the new attack on Columbia is significant. They stated:                   

"Their SIS was compromised, their AD was compromised (ADCU, and several other domains), all their ESXI hosts were compromised (both their Morningside Heights and Syracuse datacenters). Everything was compromised."                   
                   
If the hacker’s claim of full, unrestricted access to Columbia’s Student Information System (SIS) is accurate, they could possess a complete historical snapshot of student data-covering everyone who has attended the university in the last few decades.        
        
Because universities archive SIS records for transcript services, alumni outreach, and federal reporting, the breach may include personal details not only for current students but also for tens of thousands of graduates.      
       
This data may include:       

• Full legal name (and any preferred/chosen name)       
• Date and place of birth       
• Social Security Number       
• Passport, visa, or driver’s-license numbers       
• Permanent and local mailing addresses       
• Personal and Columbia email addresses       
• Mobile and home phone numbers       
• Columbia student ID (PID) and UNI login       
• Race, ethnicity, and citizenship status       
• Cumulative GPA, course grades, and disciplinary records       
• Financial-aid data (FAFSA details, scholarship/loan amounts)       
• Bank account and routing numbers used for tuition payments or refunds       
  To substantiate their claims, the hacktivist provided databreach.com with a list of ~350,000 University Network IDs (UNIs) compromised in the breach.        
  We have made this list searchable on the site. If your UNI appears in the search, it confirms your data was part of the breach, although the specific types of personal information exposed may vary by individual.       
          
  This new breach at Columbia follows the university's public acknowledgment of a significant "IT outage" that was being investigated by the NYPD. However, Columbia has yet to publicly confirm the extent of the data loss.           

Columbia University’s Response and Ongoing Investigation           

Columbia first acknowledged “widespread system outages” on the morning of Tuesday, June 24, 2025, after core online services-including UNI log-ins, LionMail, and the CourseWorks learning platform-went dark across the Morningside campus.     
           
A university spokesperson said IT staff were “working to restore services as quickly as possible” and had already notified law-enforcement partners; the school stressed that clinical operations at Columbia University Irving Medical Center were not affected and that, at that moment, it had “no indication of data being compromised.”     
           
Within hours, the New York Police Department confirmed its cyber-crime unit was assisting, and multiple trade publications reported that the FBI had also been asked to lend support, although the bureau has not publicly commented.