Cambridge University Press & Assessment, an academic publisher and assessment organization based in England, reported a data breach. The breach, identified on June 5, 2024, was detected when suspicious activity appeared on a network segment of its Australian subsidiary. This prompted an immediate investigation into the nature of the breach, as Cambridge sought to assess the extent of the compromise. The company confirmed that sensitive personal identifiable information (PII) was potentially exposed by an unauthorized third party.
The investigation revealed that personal information such as names and Social Security numbers may have been compromised during the breach. Following the discovery, the company conducted a review to identify which individuals had been affected and the specific types of data exposed. The review was completed in April 2025, and a detailed analysis of the impacted data was initiated to determine the scope of the breach. Cambridge University Press & Assessment’s efforts to secure its systems have been ongoing since the incident.
As part of their response, Cambridge University Press & Assessment began sending data breach notification letters to affected individuals on April 23, 2025. These letters outlined the specific types of information that had been compromised and offered a range of services, including complimentary credit monitoring. The company has taken steps to inform and assist the impacted individuals, ensuring they are aware of the breach and its potential consequences.
Cambridge University Press & Assessment, headquartered in Cambridge, England, employs over 5,000 individuals worldwide and delivers educational products to millions. The breach highlights the need for vigilance in securing sensitive academic and personal data, especially as the company provides services to more than 8 million learners in over 170 countries.
Reference:
