Lee University in Cleveland, Tennessee, reported a data breach on March 25, 2025, involving third-party software. An unauthorized party exploited a vulnerability in the software, gaining access to confidential data, including personally identifiable information (PII), financial data, and protected health information (PHI). The breach occurred in March 2024, when unusual activity was detected within the university’s network. The investigation confirmed that the unauthorized party downloaded sensitive information, prompting Lee University to send data breach notifications to those affected.
The university’s investigation found that the breach impacted students and employees, but the specific data compromised has not been fully disclosed.
Lee University took immediate action to contain the incident and enlisted third-party cybersecurity experts to evaluate the breach’s impact. By March 2025, the university reviewed the compromised files and began sending personalized letters to those affected. As of March 27, 2025, more than 3,000 individuals in Texas were confirmed to be impacted.
Lee University has made resources available for those affected, including complimentary identity protection services such as credit monitoring and identity restoration. The university’s notice recommends proactive steps for individuals to protect their personal information, including notifying financial institutions, changing passwords, and obtaining free credit reports. It also urges individuals to place fraud alerts or security freezes on credit reports and take other measures to safeguard their data.
The university has filed disclosures with multiple states, including California, New Hampshire, Vermont, and Texas, as part of its response to the breach.
While investigations continue, Lee University is committed to securing its systems and preventing future unauthorized access. Those affected can seek assistance and enroll in the offered identity protection services through the university’s dedicated support team.
Reference:
