



Baker University has announced a data breach that took place a year ago, compromising the personal, health, and financial details of over 53,000 individuals.
Established in 1858, Baker University is a private institution located in Baldwin City, Kansas, with nearly 2,000 enrolled students (1,457 of whom are undergraduates) and more than 300 staff members.
The university uncovered unusual activity on its network following a service outage in December 2024. Investigations revealed that attackers had unauthorized access to its systems from December 2 to 19, during which they extracted sensitive documents.
In a breach notification letter posted on its website, Baker University commented, “Through this review, we identified that information potentially involved comprised data on individuals affiliated with Baker University.”
The compromised data varied per individual and comprised details such as names, dates of birth, driver’s license numbers, financial account data, health insurance details, medical records, passport information, Social Security numbers, student IDs, and tax identification numbers.
According to a filing with the Maine Attorney General’s Office, the breach affects a total of 53,624 individuals.
While the university has found no evidence of any misuse of the compromised information, it is offering complimentary credit monitoring to affected parties and urging them to keep an eye on their financial statements and credit reports for any unusual activity.
Baker University president Jody Fournier said, “Ensuring the confidentiality, privacy, and security of our Baker community’s personal information is a top priority for our institution. Our team has collaborated with external cybersecurity experts since the incident and has successfully rebuilt one of our main platforms that was breached during the attack.”
Details regarding the specific nature of the cyber attack remain undisclosed, and no connection to a particular cybercrime group or state-sponsored actor has been noted.
Other U.S. universities have also reported breaches stemming from voice phishing incidents since late October, including Harvard University, Princeton University, and the University of Pennsylvania. All of these breaches were aimed at stealing personal information of students, alumni, donors, and staff.
The Clop ransomware group also targeted Harvard University and the University of Pennsylvania in a campaign that exploited a zero-day vulnerability in their Oracle E-Business Suite financial platforms to access sensitive data from students, staff, and suppliers.