CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Baker University Data Breach Exposes 53,624 Records

First reported
Last updated
1 unique sources, 2 articles

Summary

Hide ▲

Baker University disclosed a data breach affecting 53,624 individuals after attackers accessed its network from December 2 to 19, 2024. Sensitive personal, health, and financial information was stolen, including Social Security numbers, financial account details, and medical records. The university has not attributed the attack to any specific group and is offering free credit monitoring services to affected individuals. Several other U.S. universities have also been targeted in recent voice phishing attacks. Monroe University recently revealed a separate breach affecting 320,973 individuals, with attackers accessing its network from December 9 to 23, 2024. The stolen data included personal, financial, and health information. Monroe University is offering free credit monitoring services to affected individuals.

Timeline

  1. 14.01.2026 10:57 1 articles · 23h ago

    Monroe University Data Breach Affects 320,973 Individuals

    Monroe University revealed a data breach affecting 320,973 individuals after attackers accessed its network from December 9 to 23, 2024. The stolen data includes personal, financial, and health information. The university is offering free credit monitoring services to affected individuals. Monroe University was previously the victim of a ransomware attack when it was known as Monroe College.

    Show sources
    Open in new tab
  2. 23.12.2025 11:50 2 articles · 22d ago

    Baker University Data Breach Impacts 53,624 Individuals

    Baker University disclosed a data breach affecting 53,624 individuals after attackers accessed its network from December 2 to 19, 2024. The stolen data includes personal, health, and financial information. The university is offering free credit monitoring services and has not attributed the attack to any specific group. Several other U.S. universities have also been targeted in recent voice phishing attacks.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Ransomware Attack on University of Hawaii Cancer Center

The University of Hawaii Cancer Center suffered a ransomware attack on August 31, 2025, compromising a single research project. The breach resulted in the theft of historical data, including Social Security numbers from the 1990s. The university engaged with the threat actors to secure a decryptor and ensure the destruction of stolen data. The attack did not impact clinical operations or patient care but delayed restoration efforts. The university has since taken measures to secure its systems, including installing endpoint protection software and conducting third-party security audits.

Open in new tab

University of Sydney Data Breach Exposes Personal Information of 27,000 Individuals

Hackers accessed an online coding repository at the University of Sydney, stealing personal data of over 27,000 individuals, including current and former staff, students, and alumni. The breach was detected last week, and the university took immediate action to secure the system. The stolen data includes names, dates of birth, phone numbers, home addresses, and job details. The university has not found evidence of the data being published or misused online. The University of Sydney has notified affected individuals and established a dedicated support service for those impacted. Affected individuals are advised to change their passwords and enable multi-factor authentication.

Open in new tab

Princeton University Database Compromised in Phishing Attack

On November 10, 2025, Princeton University suffered a data breach after a phishing attack targeted an employee. The breach exposed personal information of alumni, donors, faculty, and students, including names, email addresses, phone numbers, and home and business addresses. The compromised database did not contain financial information, credentials, or records protected by privacy regulations. The university has since blocked the attackers' access and advised affected individuals to be cautious of phishing attempts. On November 18, 2025, Harvard University experienced a similar data breach due to a voice phishing attack. The breach exposed personal information of students, alumni, donors, staff, and faculty members. The compromised systems did not contain Social Security numbers, passwords, payment card information, or financial information. Harvard is working with law enforcement and third-party cybersecurity experts to investigate the incident and has sent data breach notifications to affected individuals. The breach was discovered on November 18, 2025, and involved unauthorized access to systems used by Harvard's Alumni Affairs and Development department. Harvard University is also one of the many victims of the recent Oracle E-Business Suite hacking campaign.

Open in new tab

Storm-2657 Targets University HR Employees in Payroll Hijacking Campaign

A cybercrime gang, Storm-2657, has been targeting university employees in the United States since March 2025 to hijack salary payments. The attackers have successfully compromised 11 accounts at three universities, sending phishing emails to nearly 6,000 email accounts across 25 universities. The campaign, codenamed Payroll Pirates, exploits a lack of multifactor authentication (MFA) or phishing-resistant MFA to compromise Workday accounts and other third-party HR SaaS platforms. The attackers use sophisticated social engineering tactics and adversary-in-the-middle (AITM) links to steal MFA codes, enabling them to gain access to Exchange Online accounts. Once inside, they alter salary payment configurations and redirect payments to accounts under their control. The attackers also create inbox rules to delete incoming warning notification emails from Workday and enroll their own phone numbers as MFA devices for victim accounts. The compromised email accounts are used to distribute further phishing emails, both within the organization and to other universities. The attacks have been ongoing since March 2025, with Microsoft identifying affected customers and providing mitigation guidance. The campaign has been observed targeting a range of U.S.-based organizations, particularly in the higher education sector, and any software-as-a-service (SaaS) platform storing HR or payment and bank account information.

Open in new tab

Volvo NA Employee Data Stolen in Miljödata Ransomware Attack

The Miljödata breach, affecting Volvo Group North America (Volvo NA) and other organizations, exposed sensitive data for over 1.5 million individuals. The breach, confirmed in August 2025, was perpetrated by the DataCarry ransomware group, which compromised Miljödata's cloud infrastructure. The incident has led to operational disruptions in multiple Swedish regions and is under investigation by the Swedish Authority for Privacy Protection (IMY). The breach affected several universities, at least 25 companies, and 164 municipalities in Sweden, exposing additional PII for other affected organizations. The DataCarry group demanded 1.5 Bitcoins and published stolen data on the Dark Web. The incident highlights the vulnerabilities in centralized, multi-tenant cloud services and the potential for significant reputational and operational damage. Additional organizations, including Stellantis and Jaguar Land Rover, suffered similar supply chain attacks within weeks of the Miljödata incident.

Open in new tab