Monroe University has confirmed that a cybersecurity breach exposed the personal, financial, and health information of 320,973 individuals, one of the largest known breaches affecting an educational institution in recent memory. The incident, which originated from an attack in December 2024, was only fully confirmed after a thorough forensic review in September 2025.
The university, founded in 1933 as a secretarial school in the Bronx and now enrolling over 9,000 students across New York and Santa Lucia, revealed that attackers maintained unauthorized access to its network for two weeks between December 9 and 23, 2024. The full extent of the compromise was only determined after an exhaustive examination of stolen files.
The exposed data includes names, dates of birth, Social Security numbers, driver's licenses, passport numbers, government IDs, medical records, health insurance details, banking information, and email credentials. The university began notifying affected individuals on January 2, 2026, advising them to monitor credit reports and bank statements for signs of fraud or identity theft. It also offered one year of free credit monitoring services through Cyberscout.
This is not the first time Monroe University has faced cybersecurity challenges. In its earlier incarnation as Monroe College, it was targeted by a ransomware attack in 2018, where attackers demanded approximately $2 million worth of Bitcoin for decryption keys. The educational sector in the U.S. has seen a surge in such incidents, with notable breaches affecting institutions like the University of Hawaii's Cancer Center (August 2025), Baker University (2024), and prestigious universities including Harvard, Princeton, and the University of Pennsylvania, which faced voice phishing attacks in October 2025 that compromised donor, employee, and alumni data. Additionally, the Clop ransomware group exploited Oracle E-Business Suite vulnerabilities at Harvard and the University of Pennsylvania, stealing financial data from students and vendors.
The breach at Monroe University underscores the growing threat to educational institutions, which often handle vast amounts of sensitive data while facing resource constraints for robust cybersecurity measures. Experts warn that such incidents are likely to increase without significant improvements in institutional defenses and industry-wide collaboration on security standards.
