In March 2025, hackers took over New York University’s (NYU) website for over two hours, exposing sensitive data of over 3 million applicants. This included personal details such as names, test scores, family information, financial aid details, and application data going back to 1989. The hacker targeted the data to highlight what they called NYU’s ongoing “illegal” race-sensitive admissions practices, displaying charts of test scores and GPAs of admitted students, claiming racial disparities.
The hacker posted accessible CSV files on the site, revealing applicants’ demographic information, city and zip codes, citizenship status, and more. Among the leaked data was Common Application information, including details on financial aid, Early Decision applications, and rejected students. The files also showed personal data of family members, such as siblings and parents, exposing private information of over three decades’ worth of applicants.
NYU quickly responded by restoring its website and halting the malicious activity. The university reported the breach to law enforcement and committed to strengthening its security systems. This incident follows a similar breach in 2023 at the University of Minnesota, where a hacker exposed millions of social security numbers and personal data, leading to a class-action lawsuit.
Data breaches at universities have become more frequent in recent years, with institutions like Stanford and Georgetown also suffering from breaches. In response to the Supreme Court’s affirmative action ruling in 2023, NYU faced significant declines in minority student enrollments, which it criticized. Despite these challenges, the university stated its commitment to continue its admissions practices while improving security to prevent future breaches.
Reference:
