Summary
A hacker compromised NYU’s website, leaking data of over 3 million applicants since 1989. The hacker claims the act aimed to expose illegal admissions practices. The breach included names, test scores, financial aid details, and more, prompting investigations and potential legal action.
** Main Story**
A massive data breach at New York University (NYU) has exposed the personal information of over 3 million applicants dating back to 1989. A hacker, claiming to expose illegal admissions practices, compromised the university’s website on March 22, 2025, displaying charts allegedly showing disparities in admitted student test scores based on race. This breach raises serious concerns about data security in educational institutions and the potential consequences for affected individuals.
The Extent of the Breach
The exposed data includes a wide range of sensitive information, including:
- Names
- Test scores (SAT, ACT)
- GPAs
- Majors
- Zip codes
- Citizenship status
- Financial aid details
- Family member information
- Common Application data (including rejected students and Early Decision applicants)
The hacker reportedly accessed NYU’s data warehouse and organized the information into charts displayed on the defaced NYU homepage. Four CSV files containing the data were also accessible during the breach. The hacker, using the alias “@bestn–gy” on X (formerly Twitter), claims to have previously attacked the University of Minnesota, exposing millions of Social Security numbers.
NYU’s Response and Ongoing Investigations
NYU’s IT team responded to the attack, restoring the website within a few hours. The university has reported the incident to law enforcement, engaged cybersecurity specialists, and launched an internal review to bolster its security systems. NYU spokesperson John Beckman confirmed these actions and advised applicants to be vigilant about potential identity theft. As of today, March 27, 2025, investigations are underway to determine the full scope of the breach and identify affected individuals. Several law firms are investigating the possibility of class-action lawsuits against NYU for its failure to protect sensitive information. These firms are encouraging affected applicants to come forward.
Implications and Concerns
This data breach raises significant concerns about data security practices within educational institutions. The fact that data dating back to 1989 was compromised suggests potential vulnerabilities in long-term data storage and protection. The breach also highlights the risks of relying on self-reported data in college applications, as the hacker used this information to make claims about discriminatory admissions practices.
For the millions of affected individuals, this breach poses serious risks of identity theft and other forms of misuse of their personal information. The exposed data could be used for phishing scams, fraudulent applications, and other malicious activities. The long-term consequences for affected applicants remain unknown but are a serious cause for concern. The incident emphasizes the importance of robust cybersecurity measures and the need for educational institutions to prioritize the protection of sensitive student data.
Given the claim of exposing discriminatory admissions practices, do you think a third-party audit of university admissions algorithms and data handling should now be standard practice?
That’s a great point! A third-party audit could offer transparency and accountability, and might help uncover unintentional biases in the algorithms. Standardizing this could boost public trust in university admissions processes. What are your thoughts on how frequent these audits should be?
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
The claim of exposing discriminatory practices underscores the importance of secure data handling and access controls within university systems. Do you think universities should implement more robust, real-time monitoring of data access to detect and prevent unauthorized activity?
That’s a crucial point. Real-time monitoring of data access could definitely help detect unauthorized activity faster. It would be interesting to explore how universities can balance that monitoring with individual privacy rights to avoid overreach and maintain ethical data governance.
Editor: StorageTech.News
Thank you to our Sponsor Esdebe
NYU’s IT team restored the website in a few hours? Impressive! I wonder if they offer a crash course in “Website Recovery for Dummies.” Perhaps a collaboration with the University of Minnesota is in order. They seem to have experience with breaches… just a thought.