Skip to content

Isolated data breaches leave student, university files vulnerable

A series of unrelated data breaches and cyberattacks have cropped up at universities across the country in recent weeks. University databases are always a prime target for hackers and would-be fraudsters, and a few recent incidents are serving as a reminder of the value that university databases hold.

Here’s a brief rundown of a few cyberattacks that have taken place at the University of Colorado, Brown University and the University of Maryland, Baltimore.

U. of Colorado data breach

Hackers are attempting to extort the University of Colorado after a cyberattack that may have compromised personal information from more than 310,000 files.

The information compromised in the breach included grades and transcript data, student ID numbers, race/ethnicity, veteran status, visa status, disability status and limited donor information. The attack may have also compromised “some medical treatment, diagnosis and prescription information, and in limited cases, Social Security numbers and university financial account information,” according to the news release.

The attackers have posted small amounts of data on the internet and are threatening to post more if they are not paid.

University officials were alerted to an attack on a file-sharing system run by third-party vendor, Acellion, in late January and immediately shut down the service. CU was one of at least 10 universities and organizations involved in the attack.

CU is providing credit monitoring, identity monitoring, fraud consultation and identity theft restoration to those affected, most of whom were connected to the Boulder campus.

Brown University responds to cyberattack

A separate cybersecurity attack led Brown University to shut down some of its computer programs last week.

In a letter to the campus community, Bill Thirsk, Brown University’s chief digital officer and chief information officer, stated that the university detected a security incident on March 30, which affected the availability of certain systems within Brown’s computer network.

The cyber threat affected the university’s Microsoft Windows-based programs, prompting employees to shut down connections to the university’s central data center.

Several systems have remained online, including Banner Self Service, Canvas, Workday, Zoom, and Google. Thirsk said most systems have been restored, including websites,, Listserv services and others. File sharing services remain limited in use or are yet to be restored.

U. of Maryland, Baltimore data breach

A third data breach at the University of Maryland last week could impact as many as 309,079 students, faculty and staff. The breach included information on anyone issued a campus ID for Maryland’s College Park and Shady Grove campuses since 1998.

Stolen data included names, Social Security numbers, dates of birth, and university ID numbers.

Recent posts you might like

Receive the latest news

Subscribe to our weekly newsletter

The latest campus ID and security insight sent directly to your inbox.
Receive the latest news

Subscribe to our weekly newsletter

The latest campus ID and security insight sent directly to your inbox.