"An unauthorized party accessed systems belonging to Monroe University between the dates of Dec. 9 and Dec. 23, 2024, copying files on the network. On Sep. 30, 2025, the university determined these files contained personal data "for certain individuals." Potentially affected data includes: Names Birth dates Driver's license numbers/passport numbers Medical/health insurance data Social Security numbers Government identification numbers Financial account data Electronic accounts/email usernames and passwords Student information"
"Mail notices were sent to impacted individuals on Jan. 2, 2026. The university's statement on the subject asserts that it has "no evidence that information involved in this incident has been used for identity theft or fraud." Although the university encourages individuals to monitor their credit, a report from The HIPAA Journal states that "credit monitoring services do not appear to have been offered.""
An unauthorized party accessed Monroe University systems between Dec. 9 and Dec. 23, 2024, copying network files. On Sep. 30, 2025 the university determined the copied files contained personal data for certain individuals. Potentially exposed data included names, birth dates, government identification numbers, Social Security numbers, financial account data, medical and health insurance information, electronic account credentials, and student records. Mail notices were sent to affected individuals on Jan. 2, 2026. The university stated it had no evidence the information was used for identity theft or fraud. A class action alleges inadequate security, untimely notification, and seeks damages, credit monitoring, reimbursement, and security improvements.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]